Date:      Tue, 11 Dec 2001 04:29:29 -0000
From:      Paul Richards <paul@freebsd-services.com>
To:        Mike Barcroft <mike@FreeBSD.org>, Mike Silbersack <silby@silby.com>
Cc:        Alfred Perlstein <bright@mu.org>, John Baldwin <jhb@FreeBSD.org>, mini@haikugeek.com, cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org
Subject:   Re: cvs commit: src/sys/boot/i386/loader version src/share/examp
Message-ID:  <616630000.1008044969@lobster.originative.co.uk>
In-Reply-To: <20011210221836.N1956@espresso.q9media.com>
References:  <20011210201909.O92148@elvis.mu.org> <Pine.BSF.4.30.0112102122001.22013-100000@niwun.pair.com> <20011210221836.N1956@espresso.q9media.com>

--On Monday, December 10, 2001 22:18:36 -0500 Mike Barcroft
<mike@FreeBSD.org> wrote:

> Mike Silbersack <silby@silby.com> writes:
>> On Mon, 10 Dec 2001, Alfred Perlstein wrote:
>> 
>> > > All these loader commits make it possible to overwrite the existing
>> > > contents of a file on a UFS filesystem.
>> > 
>> > Yay!  One "cool" feature at least from a security standpoint would
>> > be adding a write once variable to turn this off so that one can't
>> > use loader to smash /etc/passwd.
>> > 
>> > John, or Jonathan... ? any plans on giving this a shot?
>> > 
>> > -Alfred
>> 
>> Hm, I wonder if write enabling should even be compiled into the loader by
>> default - I think you're correct in suspecting that changing /etc/passwd
>> will be the primary use of this feature. :|
> 
> Why would someone use this feature to write to the password file, when
> they can just boot into single user mode and use their favourite
> editor?

You need the superuser password to get to single user if the console is
secure. The loader can be used to circumvent that now.


Paul Richards
FreeBSD Services Ltd
http://www.freebsd-services.com
