On 6/21/06, Gabriel Puliatti <[EMAIL PROTECTED]> wrote:
On 6/21/06, Theo de Raadt <[EMAIL PROTECTED]> wrote:
> > My doubts may seem fool, so thanks in advance for those who will read
> > this e-mail and may help me with my doubts.
> >
> > 1. Why doesn't passwd ask superuser's current password when it's run
> > by the superuser to change its own password? May not it be considered
> > a serious security flaw?
>
> Oh come on. Are you serious? Why ask for the old password when that
> same user can just rm -rf /
Besides, by the time you get root, you already have complete control
of the system. Do you really need to be protected from the attacker
doing something that will only nag, since the system is compromised
already?
