by geofft 3125 days ago
The code was not supposed to enable the root user in the first place, so I'd be surprised if someone added an assertion that anything about the root user's account was set. It was only supposed to check the root user's password.

I suppose you could write an assertion that the code didn't enable the root user, but I'm pretty sure that no password-validation routine anywhere in the history of the world has ever had a test case to make sure it didn't modify the account while validating it.

These are unknown unknowns. If you knew enough to write the right test, you wouldn't have written the bug in the first place.