Date: Tue, 11 Dec 2001 04:29:29 -0000 From: Paul Richards <paul@freebsd-services.com> To: Mike Barcroft <mike@FreeBSD.org>, Mike Silbersack <silby@silby.com> Cc: Alfred Perlstein <bright@mu.org>, John Baldwin <jhb@FreeBSD.org>, mini@haikugeek.com, cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org Subject: Re: cvs commit: src/sys/boot/i386/loader version src/share/examp Message-ID: <616630000.1008044969@lobster.originative.co.uk> In-Reply-To: <20011210221836.N1956@espresso.q9media.com> References: <20011210201909.O92148@elvis.mu.org> <Pine.BSF.4.30.0112102122001.22013-100000@niwun.pair.com> <20011210221836.N1956@espresso.q9media.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--On Monday, December 10, 2001 22:18:36 -0500 Mike Barcroft <mike@FreeBSD.org> wrote: > Mike Silbersack <silby@silby.com> writes: >> On Mon, 10 Dec 2001, Alfred Perlstein wrote: >> >> > > All these loader commits make it possible to overwrite the existing >> > contents of > a file on a UFS filesystem. >> > >> > Yay! One "cool" feaure at least from a security standpoint would >> > be adding a write once variable to turn this off so that one can't >> > use loader to smash /etc/passwd. >> > >> > John, or Jonathan... ? any plans on giving this a shot? >> > >> > -Alfred >> >> Hm, I wonder if write enabling should even be compiled into the loader by >> default - I think you're correct in suspecting that changing /etc/passwd >> will be the primary use of this feature. :| > > Why would someone use this feature to write to the password file, when > they can just boot into single user mode and use their favourite > editor? You need the superuser password to get to single user if the console is secure. The loader can be used to circumvent that now. Paul Richards FreeBSD Services Ltd http://www.freebsd-services.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?616630000.1008044969>