Date: Sat, 8 Nov 2003 20:23:25 -0500 From: kirt <krs@gaultopia.org> To: freebsd-questions@freebsd.org Subject: vulnerability in su? Message-ID: <20031109012325.GD829@yttrium.gaultopia.org>
next in thread | raw e-mail | index | archive | help
while recently cvsup'ing my box here at home, i had a weird thing happen... i had already built world, built and installed the kernel, installed world (including all appropriate reboots), and when i brought it back up, but prior to running mergemaster, i popped the jumper on the circuit the box is on. my ups is somewhat wimpy, and only lasts a couple minutes (the fuse trips all the time too.. stupid apartment wiring can't handle 2 computers and the washer and dryer at once =P ) so i made it a priority to go ahead and shut the box down. after fixing said jumper and bring the box back up i noticed that i could now su like a madman, without ever being prompted for passwords. i then remembered that i hadn't run mergemaster yet, so i ran it again and rebooted for safe measure and su started asking for passwords again. is this a known issue? i didn't search to hard for a fix or anything since i quickly fixed it myself, but i thought that a situation like that could make for some interesting (read *bad*) situations. -kirt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031109012325.GD829>