Booting in recovery mode must ask for a password
(I choose "login" as package but I think it could be "sulogin" instead, but
"sulogin" isn't in the Package list above).
I think booting in recovery mode must ask for a password. By now, recovery mode
boots without asking for a password, and falls into a root prompt with admin
privileges without identyfing the user. I think this is a potential security
risk (even WinXP asks for a password when goes into recovery mode).
The solution could be to ask for the user password (the user created during
installation process, i.e. the "main" user), or a password of any user member of
the 'wheel' group.
What do you think?