
Re: tiger reports



On Fri, Sep 21, 2001 at 10:33:04AM -0700, Craig Dickson wrote:
> 
> > It can potentially make superuser access easier to crack unless both
> > accounts have strong passwords.  More generally, I suspect that this
> > is flagged because it could indicate that your system has been
> > compromised and an illicit superuser has been created.
> 
> Fair enough. Do I really need sash for anything? Does it really need to
> have its own account?

As I understand it, sash is a minimal shell which is statically linked, so
that even if all your important dynamically linked libraries get hosed, you
can always log in as single user mode using sash.  In order to do this,
sash has to be set as the root shell, which you may not want for everyday
use, so sash creates a second root account, to use in case bash won't start
up.

The gist of it is that I would guess that if you can boot off of a CDROM or
floppy (and have one available to boot off of) you can always do that in an
emergency, and therefore shouldn't need the sashroot account.  On the other
hand, I am no expert on this, and just got what I know from when I
installed sash a few months ago.
-- 
David Roundy
http://civet.berkeley.edu/droundy/
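
An added example, not part of the message above and not tiger's own code: a shell check that lists every account sharing UID 0 in a passwd-format file and reports the ones missing from an allow-list, which is how you would confirm that a second root account such as the sashroot one discussed here is the only extra. The sample entries, the `svc-test` name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd(5)-format file for accounts that share UID 0.

# Constructed sample input; "sashroot" is the account name from the thread.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
sashroot:x:0:0:emergency root:/root:/bin/sash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
# a comment line
malformed-line-without-fields
svc-test:x:0:0::/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

# uid0_accounts: read passwd lines on stdin, print "name shell" per UID-0 entry.
uid0_accounts() {
    awk -F: '
        /^#/ || NF < 7 { next }        # skip comments and malformed entries
        $3 ~ /^0+$/ { print $1, $7 }   # match the UID field as text, not by coercion
    '
}

# unexpected_uid0: print UID-0 account names that are not in the
# space-separated allow-list given as $1.
unexpected_uid0() {
    allowed=" $1 "
    uid0_accounts | while read -r name shell; do
        case "$allowed" in
            *" $name "*) ;;            # expected superuser account
            *) echo "$name" ;;         # anything else deserves a look
        esac
    done
}

# Demonstration on the constructed sample; on a real system, feed it
# /etc/passwd instead: unexpected_uid0 "root sashroot" < /etc/passwd
echo "UID 0 accounts:"
sample_passwd | uid0_accounts
echo "Not in allow-list (root sashroot):"
sample_passwd | unexpected_uid0 "root sashroot"
```
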


