[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: edit root alias when installing the OS

On Thu, 2006-01-05 at 19:15 -0800, Michael A. Peters wrote:
> I can't speak for Ubuntu - but OS X has a root account.
> sudo su -
> and you are root.

Well any unix is not likely to get rid of root entirely, but you can
eliminate the password on the account and discourage its direct use.

> It weakens OS X because by default, every admin password is essentially
> a root password.

I'm not seeing a convincing argument as to why this is any worse than
every admin knowing the root password.

> In the early days it was *really* bad - as one could from a local
> account do nidump passwd . and then run it through jtr to crack weak
> admin passwords (and thus root the box). At least now they finally have
> some sort of shadow implemented to prevent that.

I don't see how weak passwords are sudo's fault.

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]