Date: Thu, 28 Feb 2019 09:00:17 -0600
From: Valeri Galtsev <galtsev@kicp.uchicago.edu>
To: freebsd-questions@freebsd.org
Subject: Re: possible vulnerability
Message-ID: <d8dbd830-69db-5b79-1f25-0afcd7b2df7c@kicp.uchicago.edu>
In-Reply-To: <CAB4bussd3jSa1dZ79=1K2FdMpHOv=Kv60Ju3gMb=VUo7YvpVcQ@mail.gmail.com>
References: <CAB4bussd3jSa1dZ79=1K2FdMpHOv=Kv60Ju3gMb=VUo7YvpVcQ@mail.gmail.com>

On 2/28/19 8:00 AM, Albin Lidén wrote:
> Please do forward this to the right team
>
> Wzup u BSD-govs!
> I just thought about something related to BSD/UNIX and Linux security
> What would happen if a user did execute a script which put the system into
> a single user mode during when the OS is completely in multi-user-mode

Do we have a troll again? One has to know what level of privileges one
has to have to do this or that before offering "insight" BS like this
one IMHO.

Valeri

>
> that would lockup the passwd for the root to change his password WITHOUT
> having it
>
> wouldn't that be a risky action, by a possible hacker
> maybe even a vulnerability, if you have forgotten to lock the mode when in
> multi-user sufficiently
>
> if the user just went into that mode, without any root shell he would be
> root and he would have access to mount and also to passwd
>
> just pondering about this, realized it could be a possible backdoor or
> other way round the otherwise strict security
>
> no need to reply, simply check this, if you believe I could be right
>
> another possible way around security would be to reload the freebsd boot
> loader, but NOT reboot the system. then run in single user mode
>
> such as nintendo once had a bug which allowed exploits to access the
> 3ds-mode, when it was unlocked, 3ds roms may be ran without restrictions
>
> thank u guys
> have a good one!
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>

-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++