Re: sash (was Re: demo vs. real package: FYI (was ...))
Raul Miller wrote:
> > They don't touch the root account. Instead, they clone
> > it as sashroot and set the shell on the cloned account.
> > This is mentioned in the package description.
On Sun, Sep 19, 1999 at 03:39:30PM -0700, Joey Hess wrote:
> I suppose you have considered the security problems, if root forgets
> to change that password when they change the main root one?
Yes I did.
There's not a lot I can do about this beyond advising the sysadmin that
it's a good idea.
It might be a good idea to write a tool to automate this reminder [Perhaps
generalizing it so that if one instance of a uid has its password changed
and other instances do not change the account that got changed will get
a mail message suggesting that the other accounts get changed.]
But I've not undertaken this project, at least not yet.
I want to get sash right first. [There's still some subtle issues that
I think I can handle better. See bugs.debian.org/sash for details.]