*BSD News Article 94723


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!cpk-news-hub1.bbnplanet.com!su-news-hub1.bbnplanet.com!news.bbnplanet.com!csn!nntp-xfer-1.csn.net!boulder!rintintin.Colorado.EDU!fcrary
From: fcrary@rintintin.Colorado.EDU (Frank Crary)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Root Password
Date: 30 Apr 1997 01:14:42 GMT
Organization: University of Colorado, Boulder
Lines: 16
Message-ID: <5k66e2$quc@lace.colorado.edu>
References: <18F8FF21930307C2.9C8789DEFA86E574.971B7B7D034EAE5D@library-proxy.airnews.net> <fred-ya02408000R2604971333350001@news.lightside.com> <5k2frr$fv7$2@polaris.eurocontrol.fr> <3365A2AB.2F1CF0FB@FreeBSD.org>
NNTP-Posting-Host: rintintin.colorado.edu
NNTP-Posting-User: fcrary
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:39964


In article <3365A2AB.2F1CF0FB@FreeBSD.org>,
Jordan K. Hubbard <jkh@FreeBSD.org> wrote:
>> But there is a small bug in 2.2.1 that makes login impossible when the root
>> password is empty :-(

>Unless you're loading 2.2.1 from CDROM, in which case it was fixed there
>as an 11th hour patch.

Somehow, I don't see this in the same light. This "bug" keeps a careless
system administrator from leaving the password field empty, and allowing
anyone to log in as root without needing a password. Such a "bug" closes
a massive security hole, and I don't really see why anyone would want to
"fix" it.

                                                            Frank Crary
                                                            CU Boulder