From: Dag-Erling Smørgrav
To: David Chisnall
Cc: Mike Karels, bob prohaska, freebsd-current@freebsd.org
Subject: Re: Surprise null root password
Date: Tue, 30 May 2023 21:11:03 +0200
Message-ID: <86sfbdk52w.fsf@ltc.des.no>
In-Reply-To: <850FF076-A511-4802-8D7C-2029752C3345@FreeBSD.org> (David Chisnall's message of "Sat, 27 May 2023 10:39:12 +0100")
References: <850FF076-A511-4802-8D7C-2029752C3345@FreeBSD.org>

David Chisnall writes:
> There was a very nasty POLA violation a release or two ago. OpenSSH
> defaults to disallowing empty passwords and so having a null password
> was a convenient way of allowing people to su or locally log into that
> user but disallowing ssh. This option does not work in recent
> versions of FreeBSD. Turning on the option to permit root login while
> keeping the root password blank used to be (mostly) safe because it
> permitted su to root from people in the wheel group, root login via
> SSH key remotely (for 'everything is broken I can't log in as a user
> whose home directory is not on the root filesystem' recovery) and
> local login as root from consoles marked as secure. It now permits
> root login from the network with a blank password.

That is incorrect. PermitRootLogin defaults to "no" in FreeBSD and to
"prohibit-password" upstream (and presumably in the port), while
PermitEmptyPasswords defaults to "no" both in FreeBSD and upstream, cf.
crypto/openssh/servconf.c (search for "permit_root" and "permit_empty").

DES
-- 
Dag-Erling Smørgrav - des@FreeBSD.org
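As an added example that is not part of DES's reply nor of the FreeBSD or OpenSSH sources: a small sh script that evaluates the two sshd(8) settings the exchange turns on. It assumes the one-`keyword value`-per-line, lowercased-keyword output format of `sshd -T`; the inputs below are constructed samples so it runs offline, and in real use you would feed it a saved `sshd -T` dump taken as root.

```shell
#!/bin/sh
# Added example (not from the original mail): decide whether the effective
# sshd configuration would accept a blank root password over the network.

# sshd_value FILE KEY: print the (lowercased) value of KEY from `sshd -T`
# style output, or nothing if the keyword is absent.
sshd_value() {
    awk -v key="$2" 'tolower($1) == key { print tolower($2); exit }' "$1"
}

# root_empty_password_risk FILE: RISK only when both PermitRootLogin and
# PermitEmptyPasswords are "yes" (a password-based authentication method
# must additionally be enabled for a network login; that is not checked
# here). Any other combination, including the defaults DES cites, is SAFE.
root_empty_password_risk() {
    prl=$(sshd_value "$1" permitrootlogin)
    pep=$(sshd_value "$1" permitemptypasswords)
    if [ "$prl" = "yes" ] && [ "$pep" = "yes" ]; then
        printf 'RISK: permitrootlogin=%s permitemptypasswords=%s\n' "$prl" "$pep"
    else
        printf 'SAFE: permitrootlogin=%s permitemptypasswords=%s\n' \
            "${prl:-unset}" "${pep:-unset}"
    fi
}

# Constructed samples of `sshd -T` output for the cases discussed above.
FREEBSD_DEFAULTS=$(mktemp); UPSTREAM_DEFAULTS=$(mktemp)
OPENED_UP=$(mktemp); EMPTY_DUMP=$(mktemp)
trap 'rm -f "$FREEBSD_DEFAULTS" "$UPSTREAM_DEFAULTS" "$OPENED_UP" "$EMPTY_DUMP"' EXIT
printf 'permitrootlogin no\npermitemptypasswords no\n' > "$FREEBSD_DEFAULTS"
printf 'permitrootlogin prohibit-password\npermitemptypasswords no\n' > "$UPSTREAM_DEFAULTS"
# Both options switched on by hand: the situation the quoted mail worries about.
printf 'permitrootlogin yes\npermitemptypasswords yes\n' > "$OPENED_UP"

root_empty_password_risk "$FREEBSD_DEFAULTS"   # SAFE: permitrootlogin=no permitemptypasswords=no
root_empty_password_risk "$UPSTREAM_DEFAULTS"  # SAFE: permitrootlogin=prohibit-password permitemptypasswords=no
root_empty_password_risk "$OPENED_UP"          # RISK: permitrootlogin=yes permitemptypasswords=yes
root_empty_password_risk "$EMPTY_DUMP"         # SAFE: permitrootlogin=unset permitemptypasswords=unset
```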