Date: Wed, 26 Apr 1995 15:08:47 +1000 (EST) From: clary@elec.uq.oz.au (Clary Harridge) To: freebsd-security@FreeBSD.org Subject: DISKLESS users become root Message-ID: <9504260509.AA15058@s1.elec.uq.oz.au>
next in thread | raw e-mail | index | archive | help
Users on any DISKLESS client can become root during the boot sequence. I have diskless clients booting off a FreeBSD file server and find that Pressing CTRLC just after the last NFS mount and before the "autoreboot" message causes init: /bin/sh on /etc/rc terminated abnormally, going to single user mode Enter pathname of shell or RETURN for sh: then RETURN gives a root shell. The state of the /etc/ttys file is not being checked for whether the console is secure (or not) and the user is NOT prompted for a root password. Has anyone a cure for this problem? -- regards Dept. of Electrical Engineering, Clary Harridge University of Queensland, QLD, Australia, 4072 Phone: +61-7-365-3636 Fax: +61-7-365-4999 INTERNET: clary@elec.uq.oz.au
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9504260509.AA15058>