"Joco Salvatti" <[EMAIL PROTECTED]> wrote: > 1. Why doesn't passwd ask superuser's current password when it's run > by the superuser to change its own password? May not it be considered > a serious security flaw?
No, it may not. Why would that matter at all? > 2. Why doesn't the system ask the password, as a default action, to > log in the system, when entering in single user mode? May not it also > be considered a serious security flaw? And why doesn't exist a > different password to log in single user mode, instead of using root's > password? If the local console is not secure, then remove the "secure" flag from it in /etc/ttys. This still doesn't do much, people can just boot some other media and then do whatever they want to your openbsd install if the machine is not physically secured. Adam
