Date: Thu, 28 Feb 2019 15:00:22 +0100 From: =?UTF-8?B?QWxiaW4gTGlkw6lu?= <albin.liden@gmail.com> To: freebsd-questions@freebsd.org Subject: possible vulnerability Message-ID: <CAB4bussd3jSa1dZ79=1K2FdMpHOv=Kv60Ju3gMb=VUo7YvpVcQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Please do forward this to the right team Wzup u BSD-govs! I just thought about something related to BSD/UNIX and Linux security What would happen if a user did execute a script which put the system into a single user mode during when the OS i completely in multi-user-mode that would lockup the passwd for the root to change his password WITHOUT having it wouldn't that be a risky action, by a possible hacker maybe even a vulnerability, if you have forgotten to lock the mode when in multi-user sufficiently if the user just went into that mode, without any root shell he would be root and he would have access to mount and also to passwd just pondering about this, realized it could be a possible backdoor or other way round the otherwise strict security no need to reply, simply check this, if you believe I could be right another possible way around security would be to reload the freebsd boot loader, but NOT reboot the system. then run in single user mode such as nintendo once had a bug which allowed exploits to access the 3ds-mode, when it was unlocked, 3ds roms may be ran without restrictions thank u guys have a good one!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAB4bussd3jSa1dZ79=1K2FdMpHOv=Kv60Ju3gMb=VUo7YvpVcQ>