Date: Thu, 17 Apr 2003 18:37:39 -0500 From: Jimi Thompson <jimit@myrealbox.com> To: Jim Mock <mij@soupnazi.org>, Brent Bailey <misterb@bmyster.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: user toor ??? Message-ID: <a05200f1bbac4eabc1d55@[10.10.10.2]> In-Reply-To: <73AF04A0-7111-11D7-B269-000393460DB2@soupnazi.org> References: <73AF04A0-7111-11D7-B269-000393460DB2@soupnazi.org>
next in thread | previous in thread | raw e-mail | index | archive | help
"toor" is no more and no less of a risk that "root". Secure it as
you would root. Oh, and given sufficient opportunity, I can crack
ANY password that uses characters from the ASCII set. It's just not
that difficult. If you are going to expose this system the internet,
I STRONGLY recommend that you use two-factor authentication and DO
NOT RELY on passwords alone.
At 1:16 PM -0700 4/17/03, Jim Mock wrote:
>On Thursday, April 17, 2003, at 12:45 PM, Brent Bailey wrote:
>>Can anyone tell me what function does the user "toor" that is put
>>in by default by FBSD install do?
>
>It's a backup root user.
>
>>im told its a security risk ...but unsure what it does ??
>
>I'm told a lot of things too, but that doesn't mean I believe all of
>them :-) If you're excessively paranoid, you can remove the user,
>but if someone can get into your machine and crack root/toor's
>password, you've got bigger issues to worry about.
>
>- jim
>
>--
>- jim mock mij@{soupnazi|opendarwin}.org jim@{bsdnews|FreeBSD}.org -
>- editor in chief, BSD News: http://bsdnews.org http://soupnazi.org -
>
>_______________________________________________
>freebsd-questions@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
--
Thanks,
Ms. Jimi Thompson, CISSP, Rev.
"I'm a great believer in luck, and I find the harder I work, the more
I have of it." -- Thomas Jefferson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a05200f1bbac4eabc1d55>