On Wed, Jun 21, 2006 at 02:23:20PM -0300, Joco Salvatti wrote: > My doubts may seem fool, so thanks in advance for those who will read > this e-mail and may help me with my doubts. > > 1. Why doesn't passwd ask superuser's current password when it's run > by the superuser to change its own password? May not it be considered > a serious security flaw?
Root could easily get around such a thing, being root and all. Don't log in as root. If you must log in as root, don't when someone else can walk up and change the root password. > 2. Why doesn't the system ask the password, as a default action, to > log in the system, when entering in single user mode? May not it also > be considered a serious security flaw? And why doesn't exist a > different password to log in single user mode, instead of using root's > password? If you have physical access to the computer then you literally own it. You can pop out the disk and put in into another computer. You can pour vodka into the machine. If you can't physically secure your important computers then you are not secure. Period. -- Darrin Chandler | Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
