Date: Tue, 11 Dec 2001 04:29:29 -0000
From: Paul Richards
To: Mike Barcroft, Mike Silbersack
Cc: Alfred Perlstein, John Baldwin, mini@haikugeek.com, cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org
Subject: Re: cvs commit: src/sys/boot/i386/loader version src/share/examp

--On Monday, December 10, 2001 22:18:36 -0500 Mike Barcroft wrote:

> Mike Silbersack writes:
>> On Mon, 10 Dec 2001, Alfred Perlstein wrote:
>>
>> > > All these loader commits make it possible to overwrite the existing
>> > > contents of a file on a UFS filesystem.
>> >
>> > Yay! One "cool" feature at least from a security standpoint would
>> > be adding a write once variable to turn this off so that one can't
>> > use loader to smash /etc/passwd.
>> >
>> > John, or Jonathan... ? any plans on giving this a shot?
>> >
>> > -Alfred
>>
>> Hm, I wonder if write enabling should even be compiled into the loader by
>> default - I think you're correct in suspecting that changing /etc/passwd
>> will be the primary use of this feature. :|
>
> Why would someone use this feature to write to the password file, when
> they can just boot into single user mode and use their favourite
> editor?

You need the superuser password to get to single user if the console is
secure. The loader can be used to circumvent that now.

Paul Richards
FreeBSD Services Ltd
http://www.freebsd-services.com