mcvoy@rsch.WISC.EDU (Lawrence W. McVoy) (10/22/86)
OK, I'm getting mail msgs and postings that you can never generate a
"*" by encrypting a string. Fine. Great. If I had thought about it,
I would have realized that. But I didn't because that's really not
what I had intended to gripe about. My original point still stands:
it's stupid to put a dummy entry into the passwd file that has uid==0.
You could slip up and delete the star, maybe you start copying it
around and screw it up, whatever. Why insist on living on the edge?
People who insist on doing stupid things like this are the same sort of
people that leave lots of users in roots .rhosts. Sloppy attitudes
lead to sloppy security.
--
Larry McVoy mcvoy@rsch.wisc.edu,
{seismo, topaz, harvard, ihnp4, etc}!uwvax!mcvoy
"They're coming soon! Quad-stated guru-gates!"