From: Gareth de Vaux
To: FreeBSD-security@freebsd.org
Date: Sun, 28 Feb 2021 10:58:08 +0200
Subject: Re: user account disappeared

On Sat 2021-02-27 (18:12), J. Hellenthal wrote:
> Looks like your master passwd db is out of sync.
>
> Command is mkpwdb or something similar then run init q
>
> Personally it would seem someone got ahold of master.passwd and doesn't know how it works or a port upgrade failed to complete properly updating the db

I'm the only one with root on the machine, and it doesn't look like ports changed any users looking at my backups of /etc/passwd. The only change in that area was when I changed the passwd with passwd(1) of a different user.

So passwd(1) or something similar is buggy?