From owner-freebsd-current  Wed Nov 29 16:40:58 1995
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id QAA07650
          for current-outgoing; Wed, 29 Nov 1995 16:40:58 -0800
Received: from rocky.sri.MT.net (rocky.sri.MT.net [204.182.243.10])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id QAA07644
          for <freebsd-current@freebsd.org>; Wed, 29 Nov 1995 16:40:53 -0800
Received: (from nate@localhost) by rocky.sri.MT.net (8.6.12/8.6.12) id RAA22160; Wed, 29 Nov 1995 17:43:07 -0700
Date: Wed, 29 Nov 1995 17:43:07 -0700
From: Nate Williams <nate@rocky.sri.MT.net>
Message-Id: <199511300043.RAA22160@rocky.sri.MT.net>
To: Terry Lambert <terry@lambert.org>
Cc: p.richards@elsevier.co.uk (Paul Richards), freebsd-current@freebsd.org
Subject: Re: schg flag on make world in -CURRENT
In-Reply-To: <199511292212.PAA28788@phaeton.artisoft.com>
References: <199511290956.JAA13824@isis>
	<199511292212.PAA28788@phaeton.artisoft.com>
Sender: owner-current@freebsd.org
Precedence: bulk

> > I see some merit though in preventing root access period from insecure
> > pty's. If it was an added security level I'd be in favour of it. There
> > are machines where I'd like to disable remote root access completely.
> 
> Good idea.  If you bump the secure level, you have to use a secure line
> to enter the root password.  This satisfy everyone?

I think that's fair enough.  If I hear you correctly, you'd have to
modify 'su' to only run on secure terminals if you are the non-default
secure level?


Nate