Date: Fri, 9 Jan 1998 16:20:01 -0800 (PST) From: "Jordan K. Hubbard" <jkh@time.cdrom.com> To: freebsd-bugs Subject: Re: conf/5470: Security compromised on new installation of FreeBSD Message-ID: <199801100020.QAA00802@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR conf/5470; it has been noted by GNATS. From: "Jordan K. Hubbard" <jkh@time.cdrom.com> To: ken@bolingbroke.com Cc: freebsd-gnats-submit@FreeBSD.ORG Subject: Re: conf/5470: Security compromised on new installation of FreeBSD Date: Fri, 09 Jan 1998 16:17:39 -0800 > After initial network installation of FreeBSD, using the /stand/sysinstall > utility to add further software removes any modified user db and replaces > it with the default including a root account with *no* password. When you say "to add further software", what do you mean? You don't go and choose one of the bindist-containing "bundles" do you? You go to the custom screen and avoid reinstalling the bindist, right? If not, then your probably is pilot error and not actually a security hole - sysinstall is merely doing exactly what you told it to do and I can close this PR. :) Jordan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199801100020.QAA00802>