From owner-freebsd-questions@FreeBSD.ORG Sat Nov 8 22:47:46 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BB4E416A4CE
	for ; Sat, 8 Nov 2003 22:47:46 -0800 (PST)
Received: from clanbuckbuck.org (12-211-125-56.client.attbi.com [12.211.125.56])
	by mx1.FreeBSD.org (Postfix) with SMTP id D699A43FDD
	for ; Sat, 8 Nov 2003 22:47:45 -0800 (PST)
	(envelope-from ryallsd@datasphereweb.com)
Received: (qmail 45248 invoked from network); 9 Nov 2003 06:47:44 -0000
Received: from unknown (HELO bartxp) (192.168.1.2)
	by 192.168.1.1 with SMTP; 9 Nov 2003 06:47:44 -0000
From: "Derrick Ryalls"
To: "'kirt'"
Date: Sat, 8 Nov 2003 22:49:35 -0800
Message-ID: <003401c3a68d$a678a5b0$0201a8c0@bartxp>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <20031109012325.GD829@yttrium.gaultopia.org>
Importance: Normal
Subject: RE: vulnerability in su?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
X-List-Received-Date: Sun, 09 Nov 2003 06:47:46 -0000

> while recently cvsup'ing my box here at home, i had a weird thing
> happen...
>
> i had already built world, built and installed the kernel, installed
> world (including all appropriate reboots), and when i brought it back
> up, but prior to running mergemaster, i popped the jumper on the
> circuit the box is on. my ups is somewhat wimpy, and only lasts a
> couple minutes (the fuse trips all the time too.. stupid apartment
> wiring can't handle 2 computers and the washer and dryer at once =P )
> so i made it a priority to go ahead and shut the box down. after
> fixing said jumper and bring the box back up i noticed that i could
> now su like a madman, without ever being prompted for passwords. i
> then remembered that i hadn't run mergemaster yet, so i ran it again
> and rebooted for safe measure and su started asking for passwords
> again.

I think the only time this happens is if the root password is blank.
It is possible that one of your mergemaster runs put in the default
root password (blank).
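
One way to test the blank-password explanation given in the reply, as an added example that is not part of the original message: the function below lists every account whose password field is empty in a master.passwd(5)-format file and signals when a uid 0 account is among them. The function name `audit_empty_passwords` and the sample entries are constructed for illustration; on a real system the file to check is `/etc/master.passwd`, readable only by root.

```shell
#!/bin/sh
# Added example: find passwordless accounts in a master.passwd(5)-format file.
# Field layout: name:password:uid:gid:class:change:expire:gecos:home:shell

# audit_empty_passwords FILE  (hypothetical helper name)
# Prints "name uid" for each entry with an empty password field.
# Exit status: 2 if a uid 0 account is passwordless,
#              1 if only non-root accounts are, 0 if none are.
audit_empty_passwords() {
    awk -F: '
        /^[[:space:]]*#/ || NF == 0 { next }   # skip comments and blank lines
        NF != 10 { printf "line %d: expected 10 fields\n", NR > "/dev/stderr"; next }
        $2 == "" {                             # empty field means no password at all
            print $1, $3
            if ($3 == 0) root = 1; else other = 1
        }
        END { exit (root ? 2 : (other ? 1 : 0)) }
    ' "$1"
}

# Constructed sample: root has an empty password field, while "*" on the
# other system accounts means password login is disabled, not blank.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample entries
root::0:0::0:0:Superuser:/root:/bin/csh
toor:*:0:0::0:0:Alternate Superuser:/root:
daemon:*:1:1::0:0:System processes:/root:/usr/sbin/nologin
kirt:$1$constructed$hashvalue:1001:1001::0:0:Kirt:/home/kirt:/bin/sh
EOF

status=0
found=$(audit_empty_passwords "$sample") || status=$?
echo "passwordless accounts: ${found:-none} (exit status $status)"
rm -f "$sample"
```

An empty result after the final mergemaster run and a `root 0` line before it would be consistent with the explanation in the reply.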