Date:      Sat, 10 Oct 1998 17:38:08 -0700 (PDT)
From:      bs@eunet.ch
To:        freebsd-gnats-submit@FreeBSD.ORG
Subject:   misc/8260: upgrade security breach
Message-ID:  <199810110038.RAA21419@hub.freebsd.org>



>Number:         8260
>Category:       misc
>Synopsis:       upgrade security breach
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 10 17:40:00 PDT 1998
>Last-Modified:
>Originator:     Bernard Steiner
>Organization:
>Release:        3.0-19981010-BETA
>Environment:
FreeBSD grimma.anydomain.de 3.0-19980830-SNAP FreeBSD 3.0-19980830-SNAP #9: Tue Oct  6 19:11:34 CEST 1998     root@:/usr/src/sys/compile/GRIMMA  i386

>Description:
During an upgrade, it appears that the old password file gets temporarily
nuked by a password file that contains an empty root password.
There is no flashing sign mentioning this.

>How-To-Repeat:
Call upgrade from sysinstall
>Fix:
Put a *** SECURITY WARNING *** with appropriate kind words that it
may be a good idea to disable inetd and friends between the
upgrade-commit button and the actual upgrade.
This is a non-issue for installs running single user mode.

>Audit-Trail:
>Unformatted:
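
The condition the report describes, a root entry with an empty password field while network daemons are still running, can be checked for directly. The script below is an added example, not part of the original report or of sysinstall; the function names and the sample file contents are constructed for illustration, and it assumes the 10-field FreeBSD master.passwd layout.

```shell
#!/bin/sh
# Added example: find accounts with an empty password field in a file in
# FreeBSD master.passwd format:
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell

# empty_pw_accounts FILE
# Prints "name uid" for every entry whose password field is empty.
empty_pw_accounts() {
    awk -F: '
        /^#/ || NF == 0 { next }              # skip comments and blank lines
        NF >= 10 && $2 == "" { print $1, $3 }
    ' "$1"
}

# root_is_open FILE
# Returns 0 if any uid 0 entry has an empty password, 1 otherwise.
root_is_open() {
    empty_pw_accounts "$1" |
        awk '$2 == 0 { found = 1 } END { exit !found }'
}

# Constructed sample input (not taken from a real system).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample in master.passwd format
root::0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
bs:$1$constructed$placeholderhash:1001:1001::0:0:Sample User:/home/bs:/bin/sh
EOF

if root_is_open "$SAMPLE"; then
    echo "WARNING: uid 0 account with empty password:"
    empty_pw_accounts "$SAMPLE"
fi
```

On a live system, run the two functions as root against `/etc/master.passwd` after the upgrade finishes and before inetd and other network daemons are started again.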
