Date: Sat, 02 Jan 2016 19:52:14 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-jail@FreeBSD.org Subject: [Bug 202268] [jail] able to log in as root without typing the password.FreeBSD 10.1-RELEASE #0 r274401 Message-ID: <bug-202268-9824-tM8KnZQooJ@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-202268-9824@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202268 --- Comment #5 from Marie Helene Kvello-Aune <marieheleneka@gmail.com> --- I've reproduced this on 11-CURRENT (FreeBSD mpc.hjemme 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r293047M: Sat Jan 2 12:16:07 CET 2016 root@mpc.hjemme:/usr/obj/usr/src/sys/GENERIC amd64) When I press ctrl + \ while jails are being started, I see a notice about a core dump (attached) and I get the prompt to select which shell to use for single-user mode. When selecting shell, I have single-user mode on host system. This is with the default setting in /etc/ttys, where local console is considered secure. I tried pressing ctrl + \ constantly during rc.d execution but not during /etc/rc.d/jail script exectution, and this behaviour was NOT happening. It seems to be specific to the /etc/rc.d/jail script. Once I entered single-user mode, I saw all jails had started, even though the core dump and single-user mode happened while jail 2 out of 8 were being started. If I set local console to not be considered secure (i.e. require password to enter single-user mode), I am prompted for root password. This is definitely a bug, but considering it doesn't let you skip password on insecure console I wouldn't consider it a security issue. Please let me know if any more details are required to solve this problem. -- You are receiving this mail because: You are the assignee for the bug.help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-202268-9824-tM8KnZQooJ>