From owner-freebsd-current Wed Nov 29 14:24:28 1995 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id OAA26254 for current-outgoing; Wed, 29 Nov 1995 14:24:28 -0800 Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id OAA26241 for ; Wed, 29 Nov 1995 14:24:11 -0800 Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id PAA28811; Wed, 29 Nov 1995 15:19:07 -0700 From: Terry Lambert Message-Id: <199511292219.PAA28811@phaeton.artisoft.com> Subject: Re: schg flag on make world in -CURRENT To: nate@rocky.sri.MT.net (Nate Williams) Date: Wed, 29 Nov 1995 15:19:07 -0700 (MST) Cc: terry@lambert.org, nate@rocky.sri.MT.net, freebsd-current@FreeBSD.org In-Reply-To: <199511292215.PAA21562@rocky.sri.MT.net> from "Nate Williams" at Nov 29, 95 03:15:18 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 840 Sender: owner-current@FreeBSD.org Precedence: bulk > > > You can 'su' on insecure lines. You can't directly login as root on > > > insecure lines. > > > > Paraphrased: "You can use a root password on insecure lines. You can't > > directly use a root password on insecure lines." > > Close. > > You can't use the root password on insecure lines w/out at least some > initial form of authentication. Closer. You can't make the root password succeptible to snooping on insecure lines w/out at least some initial form of authentication equally succeptible to snooping (ie: "secure" is a NO-OP if it doesn't prevent root logins). I like the security level bump compromise soloution. It lets people who want the current, useless behaviour have it. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.