Joco Salvatti wrote:
My doubts may seem foolish, so thanks in advance to those who will read
this e-mail and may help me with my doubts.

1. Why doesn't passwd ask for the superuser's current password when it's run
by the superuser to change its own password? May it not be considered
a serious security flaw?

This would not really improve security. Given access as root, an attacker could simply delete the master password file and create a new one to effect the same thing.



2. Why doesn't the system ask for the password, as a default action, to
log in to the system when entering single-user mode? May it not also
be considered a serious security flaw? And why doesn't there exist a
different password to log in to single-user mode, instead of using root's
password?

The /etc/ttys file controls this. The console may be either secure or insecure. If the console is secure then physical access controls are assumed. If insecure, password authentication is required.

Physically secure siting of the computer is necessary. Otherwise, for example, the disk could be removed, modified, and replaced. The question is whether or not the console is also physically secured.

--
John R. Shannon

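An added example, not part of the original message: a small sh function that reads a ttys(5)-style file and reports whether the console entry is marked secure or insecure, which per the reply above decides whether single-user mode asks for the root password. The function names and the sample file contents are constructed for illustration; pass the path of the real /etc/ttys as the first argument to check a live system.

```shell
#!/bin/sh
# Added example: report how the console line is marked in a ttys(5)-style file.

# console_status FILE -> prints secure | insecure | unspecified | missing
console_status() {
    awk '
        {
            sub(/#.*/, "")              # drop comments
            gsub(/"[^"]*"/, "x")        # ignore words inside a quoted getty command
        }
        $1 == "console" {
            status = "unspecified"
            for (i = 2; i <= NF; i++) {
                if ($i == "secure")   status = "secure"
                if ($i == "insecure") status = "insecure"
            }
            found = 1
            print status
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Map the status to the behaviour described in the reply above.
explain() {
    case "$1" in
        secure)   echo "console is secure: physical access control is assumed, no password in single-user mode" ;;
        insecure) echo "console is insecure: single-user mode requires password authentication" ;;
        missing)  echo "no console entry found" ;;
        *)        echo "console entry has neither flag: check ttys(5) and init(8) for the default" ;;
    esac
}

# Constructed sample file, used when no path is given on the command line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# name  getty                       type     status
console none                        unknown  off insecure
ttyv0   "/usr/libexec/getty Pc"     xterm    on  secure
EOF

explain "$(console_status "${1:-$sample}")"
rm -f "$sample"
```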