Re: [cobalt-users] AdmR & AdmQ Users
- Subject: Re: [cobalt-users] AdmR & AdmQ Users
- From: Mailing List Account <listmail@xxxxxxxxxxx>
- Date: Wed Mar 5 19:33:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Wed, 5 Mar 2003, Kevin Bonner wrote:
> These entries tell me that if you were to log in as root or admR, you would
> have the same access. I know of no security-conscious individual who would
> set up a system with multiple root-level users, and if they did, they should
> be taken out and shot.
Excuse me... multiple root-level users are not uncommon on Unix
or on legacy systems. FreeBSD, for example, ships with a user toor (root
backwards). The account is disabled by default and is of no use unless the
admin sets its password. Such an account can be used to recover a system
on which root is broken in some way or perhaps in the event the root
password is lost it can be used to recover the system without dropping
into the single user mode and thereby experiencing down-time. Most
knowledgeable security professionals leave the choice of removing the toor
account to the box's owner. It's most certainly not an exploit waiting
for a place to happen. IBM's OS/400 contains similar accounts, including
multiple levels of 'root' access, and OS/400 is one of the few OSes certified
as secure by some section of the US Government - I'm sorry, I don't recall
which.
Sweeping generalities...
Best Regards,
Brent
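
An added example, not part of the original message: one way to audit the point under discussion is to list every UID 0 account and report whether it has a usable password, which separates a disabled account such as toor from a live second root login. The function names and all sample entries (including the admR line) are constructed for illustration.

```python
# Added example: list UID 0 accounts and whether password login is possible.
# Accepts Linux passwd(5)+shadow(5) text or BSD master.passwd(5) text.

def parse_shadow(shadow_text):
    """Map account name -> password field from shadow-style text."""
    fields = (l.split(":") for l in shadow_text.splitlines() if l.strip())
    return {f[0]: f[1] for f in fields if len(f) >= 2}

def classify(pw_field):
    if pw_field is None:
        return "unknown"        # 'x' placeholder with no shadow entry
    if pw_field == "":
        return "empty"          # no password required at all
    if pw_field[0] in "*!":
        return "locked"         # password login disabled (keys/su may still work)
    return "password-set"

def uid0_accounts(passwd_text, shadow_text=""):
    shadow = parse_shadow(shadow_text)
    found = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        try:
            if len(f) < 7 or int(f[2]) != 0:
                continue
        except ValueError:
            continue            # malformed UID field
        pw = shadow.get(f[0]) if f[1] == "x" else f[1]
        found.append((f[0], classify(pw)))
    return found

# Constructed BSD-style master.passwd: toor present but never given a password.
SAMPLE_BSD = """root:$6$constructed$hash:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin"""

# Constructed Linux-style pair with a second UID 0 account.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
admR:x:0:0:constructed entry:/root:/bin/bash
admin:x:110:100:admin:/home/admin:/bin/bash"""
SAMPLE_SHADOW = """root:$1$constructed$hash:12000:0:99999:7:::
admR:!!:12000:0:99999:7:::"""

if __name__ == "__main__":
    for name, state in uid0_accounts(SAMPLE_BSD) + uid0_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{name}: uid 0, {state}")
```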