From owner-freebsd-questions@FreeBSD.ORG  Sun Mar  1 16:47:46 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 800CD106566B
	for <freebsd-questions@freebsd.org>;
	Sun,  1 Mar 2009 16:47:46 +0000 (UTC)
	(envelope-from glen.j.barber@gmail.com)
Received: from mail-bw0-f164.google.com (mail-bw0-f164.google.com
	[209.85.218.164])
	by mx1.freebsd.org (Postfix) with ESMTP id 0A2E88FC14
	for <freebsd-questions@freebsd.org>;
	Sun,  1 Mar 2009 16:47:45 +0000 (UTC)
	(envelope-from glen.j.barber@gmail.com)
Received: by bwz8 with SMTP id 8so1618801bwz.43
	for <freebsd-questions@freebsd.org>;
	Sun, 01 Mar 2009 08:47:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:received:in-reply-to:references
	:date:message-id:subject:from:to:cc:content-type
	:content-transfer-encoding;
	bh=djrDtmVciidGwuUu6VvZDt+zG/rQyV6d9Kir5A3L7yc=;
	b=THFdddQ8F9yVTrNs1wIRTCu1uSFJ71QU/4uJ9YMZbUJ11AoTpJXJDAHYvdscXistnR
	ZUt0SUjnn8U3DT6lhcvXR5y1RmWQKYCjIeaVrRcsLkIyYJcHkcbJTH0Hxm6r+CVY2u+7
	ebVNK4BQfIvl0vSXydz3ivt/MWPq4VwUtcDx4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type:content-transfer-encoding;
	b=DPk/1bN/PLVQxNX4LDvUPaQ1ZIETDAjFbt3g/Ugrgaxb1EcKOHIwHQgH8UsQbbYDAP
	QJg1bleKWhydpcO5COg8with0VCSXGpANCdiZ7AICz6PfjBAidpjiRBpD5e+BtHBlCcR
	l6BnNTqJh3yw7e1dg7zi1CNVvNaqlhlO82e6k=
MIME-Version: 1.0
Received: by 10.223.113.9 with SMTP id y9mr5166914fap.61.1235926064832; Sun, 
	01 Mar 2009 08:47:44 -0800 (PST)
In-Reply-To: <20090301164355.GA29675@haruhi>
References: <d2f26f270903010650h243df36bx2ea07d434567633e@mail.gmail.com>
	<20090301155532.GA29514@haruhi>
	<4ad871310903010811o47b77f04y7976819e101b881b@mail.gmail.com>
	<20090301164355.GA29675@haruhi>
Date: Sun, 1 Mar 2009 11:47:44 -0500
Message-ID: <4ad871310903010847w7542b038w6f7787bb231d0bef@mail.gmail.com>
From: Glen Barber <glen.j.barber@gmail.com>
To: Daniel Lannstrom <op@trekdanne.se>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
Subject: Re: Root shell
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Mar 2009 16:47:46 -0000

On Sun, Mar 1, 2009 at 11:43 AM, Daniel Lannstrom <op@trekdanne.se> wrote:
> On Sun, Mar 01, 2009 at 11:11:56AM -0500, Glen Barber wrote:
>> This explains one of the reasons not to change root's shell:
>>
>> http://www.freebsd.org/doc/en/books/faq/security.html#TOOR-ACCOUNT
>
> Yes that's exactly what I meant. Is there any other reason except for
> that? As I see it that problem can easily be solved by copying bash to
> the root file system. Also many systems today have the root and /usr
> on the same file system.

You'd have to also copy more than just the binary file.  It's more
complex than that, and generally is a Bad Idea(tm).

-- 
Glen Barber