Date: Thu, 17 Apr 2003 18:37:39 -0500 From: Jimi Thompson <jimit@myrealbox.com> To: Jim Mock <mij@soupnazi.org>, Brent Bailey <misterb@bmyster.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: user toor ??? Message-ID: <a05200f1bbac4eabc1d55@[10.10.10.2]> In-Reply-To: <73AF04A0-7111-11D7-B269-000393460DB2@soupnazi.org> References: <73AF04A0-7111-11D7-B269-000393460DB2@soupnazi.org>
next in thread | previous in thread | raw e-mail | index | archive | help
"toor" is no more and no less of a risk that "root". Secure it as you would root. Oh, and given sufficient opportunity, I can crack ANY password that uses characters from the ASCII set. It's just not that difficult. If you are going to expose this system the internet, I STRONGLY recommend that you use two-factor authentication and DO NOT RELY on passwords alone. At 1:16 PM -0700 4/17/03, Jim Mock wrote: >On Thursday, April 17, 2003, at 12:45 PM, Brent Bailey wrote: >>Can anyone tell me what function does the user "toor" that is put >>in by default by FBSD install do? > >It's a backup root user. > >>im told its a security risk ...but unsure what it does ?? > >I'm told a lot of things too, but that doesn't mean I believe all of >them :-) If you're excessively paranoid, you can remove the user, >but if someone can get into your machine and crack root/toor's >password, you've got bigger issues to worry about. > >- jim > >-- >- jim mock mij@{soupnazi|opendarwin}.org jim@{bsdnews|FreeBSD}.org - >- editor in chief, BSD News: http://bsdnews.org http://soupnazi.org - > >_______________________________________________ >freebsd-questions@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-questions >To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" -- Thanks, Ms. Jimi Thompson, CISSP, Rev. "I'm a great believer in luck, and I find the harder I work, the more I have of it." -- Thomas Jefferson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a05200f1bbac4eabc1d55>