From owner-freebsd-questions@freebsd.org Thu Feb 28 18:02:38 2019 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2D2DF1511314 for ; Thu, 28 Feb 2019 18:02:38 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass DE-2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BF05E77448 for ; Thu, 28 Feb 2019 18:02:36 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de ([92.195.28.147]) by mrelayeu.kundenserver.de (mreue010 [212.227.15.167]) with ESMTPA (Nemesis) id 1MjjSt-1hOYLZ0UDD-00lBVN; Thu, 28 Feb 2019 19:02:34 +0100 Date: Thu, 28 Feb 2019 19:02:33 +0100 From: Polytropon To: Albin =?ISO-8859-1?Q?Lid=E9n?= Cc: freebsd-questions@freebsd.org Subject: Re: possible vulnerability Message-Id: <20190228190233.139bccb1.freebsd@edvax.de> In-Reply-To: References: Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:Z7Jnq1MO3Tv8PXHLqiYSrKVuGHi3i1MDpEWALb5VxgtN6JUjGsC F8ZKkV4WcnkkayoUqQw6MbDjutuMegBOvS2uspMwgujp6LPAA5kllz+RUEsIwaBM6LnkZeb zEdgNiZ8ut5zJLYiwqN4O0vYKViXSjiH/r5xNWJD97izpflQydFkcp8kO941Fam6cqfsOoW W0OXTR0+ReK4+QHgxR0zA== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:2uw91zWfx+A=:ch/24fRs7YFr+P2/WrKBOa WEDBj+b85cq5RORYpRQXOlDQfA4lofefEz0M5gaFlCI04YJZ7jwD4Pkw9SarMNxt3fpSZNX3z GqO/zR3+8Bgdyon5H1d2lvC8AtTQEe78QAV8wh9BSnlddTPxvslDQjUuM0PZ2eEaNNc+XA8yz uKjmKTIVzTvcvy/Mj3XXunyEDeDjq+gTE5IJi2uobewUOgUerPDxClOXantnYR2Wmg53/JSXU 3eCIBBE1Qh5J2nYrkkkwkBqgw4ewreZVJkSxmQ4XqFE+n+DYjmPNas6U8JGrWx1NKpCty2G08 t37hnAcOb/8VgnuMrN7rzagMiicVUlj8WNG1x7mvVfnKCuXCPLFKMtVRwy3SAI2msIgMHsMPa HSV6s7bzpf1tI/5U5lzM+3Recowm2R6BIyy0gSf+2Wu61yGIyQ+n13OjU4ACL5qQwqKSfsq1g pQs8IiL95qX6MUiipQqUtq/bFho3ObkajBdjcgo/uTe+ozocIY9LNtOMo6E9BJD+Z02aczPzm +VNZ9I1/wqNkGuuti+CGddyu+pZP7lmRfsXwRI7uUsH87GQbE16cliHDW01BNtCrXYyrzPDJD dg92GAky37M1Bq+bUJCQqfA2WponQLdXbcw3MRPUgnr9fkNT6zkIra8+2Mlq3pkq3PRuczcch 5t44m3Yf27Ol8buIF+9p9EjsufZr8BHKy4ILrK+D37KAw1HIjlb1P8rhErR3m0KMTtHqIpBIs 416xzpb7SgAVSIMutbzjuZlSR8kFmUhpIuwMMiYqTsoIY8ZhkMfqZ7c856c= X-Rspamd-Queue-Id: BF05E77448 X-Spamd-Bar: ++++++ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [6.18 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_REPLYTO(0.00)[freebsd@edvax.de]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; HAS_ORG_HEADER(0.00)[]; MX_GOOD(-0.01)[mx01.schlund.de,mx00.schlund.de]; RCPT_COUNT_TWO(0.00)[2]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; RCVD_TLS_LAST(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[147.28.195.92.zen.spamhaus.org : 127.0.0.10]; ARC_NA(0.00)[]; REPLYTO_EQ_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; NEURAL_SPAM_SHORT(0.76)[0.758,0]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[edvax.de]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(1.00)[0.998,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(1.00)[1.000,0]; MID_CONTAINS_FROM(1.00)[]; RCVD_IN_DNSWL_NONE(0.00)[130.126.227.212.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; RWL_MAILSPIKE_POSSIBLE(0.00)[130.126.227.212.rep.mailspike.net : 127.0.0.17]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(1.03)[ip: (4.32), ipnet: 212.227.0.0/16(-0.96), asn: 8560(1.80), country: DE(-0.01)] X-Spam: Yes X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Feb 2019 18:02:38 -0000 On Thu, 28 Feb 2019 15:00:22 +0100, Albin Lid=E9n wrote: > What would happen if a user did execute a script which put the system into > a single user mode during when the OS i completely in multi-user-mode >=20 > that would lockup the passwd for the root to change his password WITHOUT > having it THat's not directly possible. That script would need to have specific permissions to take the system down, which regular user scripts cannot do. This assumes that the user in question is a non-privileged user (not in groups like wheel, operator; not able to use su, sudo, super). When the system enters single-user mode, theere is a setting in /etc/ttys that might mark the system console as insecure (opposed to secure), and then the system would prompt for the root password. > wouldn't that be a risky action, by a possible hacker > maybe even a vulnerability, if you have forgotten to lock the mode when in > multi-user sufficiently As I mentioned, entering SUM from MUM requires the ability to shutdown the system, which regular users do not have. > if the user just went into that mode, without any root shell he would be > root and he would have access to mount and also to passwd The single-user mode is very restricted. It usually does not even come with a network connection, so local access would be a typical scenario. On the other hand, if a user has local =3D physical access to a machine, it's GAME OVER anyway. :-) > just pondering about this, realized it could be a possible backdoor or > other way round the otherwise strict security The term "backdoor" means something entirely different. What you are describing could be called a mis-configuration. Leaving the system console marked "insecure" is... well, it's insecure! :-) > another possible way around security would be to reload the freebsd boot > loader, but NOT reboot the system. then run in single user mode Again, this requires permissions a regular user does not have. Write access to devices and execution permission for specific programs would be needed to change things like a boot loader. FreeBSD is not DOS (not _that_ DOS, the other one). ;-) --=20 Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...