Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!cbatt!ucbvax!hplabs!sdcrdcf!cudney
From: cudney@sdcrdcf.UUCP
Newsgroups: comp.unix.wizards
Subject: Re: 4.3BSD login - logging in as root
Message-ID: <4436@sdcrdcf.UUCP>
Date: Sun, 12-Apr-87 16:54:11 EST
Article-I.D.: sdcrdcf.4436
Posted: Sun Apr 12 16:54:11 1987
Date-Received: Mon, 13-Apr-87 06:18:16 EST
References: <437@bacchus.MIT.EDU>
Reply-To: cudney@sdcrdcf.UUCP (Paul Cudney)
Distribution: world
Organization: Unisys - System Development Group, Santa Monica
Lines: 12
Summary: Password Exposure

In article <437@bacchus.MIT.EDU> rlk@athena.MIT.EDU writes:
> In article <274@quacky.mips.UUCP> dce@quacky.UUCP (David Elliott) writes:
>  ] [Discussion of logging in as root on an unsecure tty].
>  ] Is there a good reason that login shouldn't go ahead and prompt for a
>  ] password in this case just for the sake of consistency?
> None that I can think of. ... >Robert

Consistency may be less a factor than the risk of exposing the root
password in clear text on a tapped line.  No system should encourage a
person to do something thoughtless.  Asking for the root password on an
unsecured line is just such a design fault.  Consider your exposure on
some local area networks, and think again.  /Paul