Date: Mon, 31 May 2021 11:37:24 +0000 (UTC) From: Jane Chen <j.chen1070116@yahoo.com> To: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: =?UTF-8?B?6Iux5qC85ouJ5aeG6K+0?= Message-ID: <1307075529.1919818.1622461044660@mail.yahoo.com> References: <1307075529.1919818.1622461044660.ref@mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
VHJ1dGggaW4g6ZmE4oaS5Lu244CC44CC44CCCjIwMjEtMDUtMzEKCuS4peWzu+WGrOWto+aatOmj jumbqui/nuaXpeadpeiireKYu+WHu+e+juWbve+8jOWvvOiHtOmBk+i3r+e7k+WGsOOAgeS6pOmA muWPl+mYu++8jOiHs+WwkTE15Lq65q275Lqh77yM6LaF6L+HMuS6v+S6uuWkhOS6juWkqeawlOeb uOWFs+eahOitpuaKpeS4i+OAguW+t+W3nuWPl+WIsOWGsuWHu+acgOS4pemHje+8jDQwMOS4h+aI t+WutuW6reWSjOS8geS4mumBreaWreeUteWGsuWHu+OAggoK4oCc6L+Z5piv5oiR5LuO5pyq6KeB 6L+H55qE5Zy65pmv44CC5aSn6YeP56C05Z2P44CC6L+Z5bCG5piv5LiA5Liq5ryr6ZW/55qE5oGi 5aSN6L+H56iL44CC4oCd5YyX5Y2h5bee5biD5Lym55Ge5YWL5Y6/77yIQnJ1bnN3aWNrIENvdW50 ee+8ieitpumVv+e6pue/sOKAp+iLseagvOaLieWnhu+8iEpvaG4gSW5ncmFt77yJ5Zyo5ZGo5LqM 5pep5Lqb5pe25YCZ5Y+s5byA55qE5paw6Ze75Y+R5biD5Lya5LiK6K+044CC6b6Z5Y236aOO5Zyo 5ZGo5LiA5Y2I5aSc5ZCO6KKt4pi75Ye75LqGR3Jpc3NldHRvd27plYfpmYTov5HlnLDljLrjgIIK Cu+8iOWkp+KWpOe6quKWqOWFg++8iQo= From owner-freebsd-security@freebsd.org Mon May 31 22:58:46 2021 Return-Path: <owner-freebsd-security@freebsd.org> Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BE9A163212C for <freebsd-security@mailman.nyi.freebsd.org>; Mon, 31 May 2021 22:58:46 +0000 (UTC) (envelope-from gordon@tetlows.org) Received: from mail-ua1-x92d.google.com (mail-ua1-x92d.google.com [IPv6:2607:f8b0:4864:20::92d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Fv9h53MhTz3N6n for <freebsd-security@freebsd.org>; Mon, 31 May 2021 22:58:45 +0000 (UTC) (envelope-from gordon@tetlows.org) Received: by mail-ua1-x92d.google.com with SMTP id c10so346374uan.6 for <freebsd-security@freebsd.org>; Mon, 31 May 2021 15:58:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3XEUHXz+9629NRaARG0JrZv2TpKYhlgYc93mkMLjRSk=; b=JyuWtI+ZkCJ0qxymeKq7kyxkVyigK8lupfsPJedZ5/xnJLvTFluDUbUhqtapmMKqhH yjJhoHXrCfYOG90I1CU0QCMCFBJ3wZS/WqEYHvyh3rN6R6ZpElGtG9WWngGcnz09tT2o 0WB7TfcJ6lxdCywbWW2OKHoHkoGxOlWFl/nJzcC7VPbUIIBK9CPL7ff7fTzcXvJtOxoJ BkA6wMDE58vawTY3JIvwTxmj+Ad4mk+R9FCPpQSzeohYwmHLowbVY41M7xFuBGi1pfQh 9n5Er9Gkr9JMnoaRhhycIXHpwr1zO6FG34z5a3jJQ/j0Oc5br+ln2op8iwBxiCIyeqDf auMw== X-Gm-Message-State: AOAM531uXflnOpZX8cbKNz0L1vxfb9dn0faHwHwAJHKd0/8DUUX1n9uW 13x2Gp3d3ZFA2yb2+xwWAECOjYOiW0mNNkTr/epH X-Google-Smtp-Source: ABdhPJxDHXYP0DtNEbs0tdf26EIrfL2bmiZMqR+AYZEDUdqjVLKiIQxYP9opRhlla2aOlZUi5t5MbVQ0L77ZKc8TYs4= X-Received: by 2002:ab0:3418:: with SMTP id z24mr11724844uap.130.1622501924460; Mon, 31 May 2021 15:58:44 -0700 (PDT) MIME-Version: 1.0 References: <p1XhdZERaUmjjEr3KeA4_0dCz0OkMIxIfT_4GfVD5KOMCfN-EjrgVNLr-s6eqVpthVvOIJmEdbi9e6gkjgWizVc_Z94TPdjs4eglvRNNP8g=@protonmail.com> In-Reply-To: <p1XhdZERaUmjjEr3KeA4_0dCz0OkMIxIfT_4GfVD5KOMCfN-EjrgVNLr-s6eqVpthVvOIJmEdbi9e6gkjgWizVc_Z94TPdjs4eglvRNNP8g=@protonmail.com> From: Gordon Tetlow <gordon@tetlows.org> Date: Mon, 31 May 2021 15:58:33 -0700 Message-ID: <CAKghNw1PYAws6SCCOiFxmcD0mjhjffBuYwwyv2ZR-QQcAn8FBg@mail.gmail.com> Subject: Re: sysrc bug To: Fas Xmut <fasxmut@protonmail.com> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 4Fv9h53MhTz3N6n X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.93 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; DKIM_TRACE(0.00)[tetlows.org:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[tetlows.org,quarantine]; NEURAL_HAM_SHORT(-0.93)[-0.935]; FREEMAIL_TO(0.00)[protonmail.com]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RBL_DBL_DONT_QUERY_IPS(0.00)[2607:f8b0:4864:20::92d:from]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[tetlows.org:s=google]; FREEFALL_USER(0.00)[gordon]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; SPAMHAUS_ZRD(0.00)[2607:f8b0:4864:20::92d:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::92d:from]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-security] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "Security issues \[members-only posting\]" <freebsd-security.freebsd.org> List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>; List-Post: <mailto:freebsd-security@freebsd.org> List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help> List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, <mailto:freebsd-security-request@freebsd.org?subject=subscribe> X-List-Received-Date: Mon, 31 May 2021 22:58:46 -0000 This isn't a security bug as it requires root privilege to empty /etc/rc.conf. If you have root privilege, you can do that already. Also, changing the root shell is bad for many reasons and I'm not surprised that something doesn't work. That said, it certainly is less than desirable and should probably be more robust in case of this failure. I would recommend opening a bug for this and see if we can get someone to pick it up. Thanks for the report! Gordon Hat: security-officer On Sat, May 29, 2021 at 11:10 PM Fas Xmut via freebsd-security <freebsd-security@freebsd.org> wrote: > > I don't know if it is a security bug or not. When I use sysrc today, the error operations emptied my /etc/rc.conf, that's a small disaster, because my /etc/rc.conf is updated day by day, but now, it is empty. > > First, change your default root shell to sh/ksh or their derived shell. (I have tested, csh will not trigger that bug). > > Second, backup /etc/rc.conf to any other place. > > Then do the following commands: > > ------------------------------------------------------------------------ > # sysrc something_enable="NO" > # sysrc something_enable="YES > > " > awk: newline in string YES > ... at source line 1 > something_enable: NO -> YES > ------------------------------------------------------------------------ > > Now see what is inside /etc/rc.conf ? Everything is empty! only one thing in it: > > ------------------------------------------------------------------------ > something_enable="YES > " > ------------------------------------------------------------------------ > > Sent with [ProtonMail](https://protonmail.com) Secure Email. > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1307075529.1919818.1622461044660>