From owner-freebsd-stable  Tue Apr  3 12:31:58 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4EC1737B71E; Tue,  3 Apr 2001 12:31:54 -0700 (PDT)
	(envelope-from jwyatt@rwsystems.net)
Received: from bsdie.rwsystems.net([209.197.223.2]) (1625 bytes) by bsdie.rwsystems.net
	via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp
	(sender: <jwyatt@rwsystems.net>) 
	id <m14kWVI-000CCVC@bsdie.rwsystems.net>
	for <freebsd-stable@FreeBSD.ORG>; Tue, 3 Apr 2001 14:30:12 -0500 (CDT)
	(Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25)
Date: Tue, 3 Apr 2001 14:30:12 -0500 (CDT)
From: James Wyatt <jwyatt@rwsystems.net>
To: freebsd-security@freebsd.org
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: su change?
In-Reply-To: <20010403140935.F9618@pir.net>
Message-ID: <Pine.BSF.4.10.10104031422550.4963-100000@bsdie.rwsystems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 3 Apr 2001, Peter Radcliffe wrote:
> Matthew Emmerton <matt@gsicomp.on.ca> probably said:
> > Just consider your friend lucky - doing similar things to the root account
> > on any enterprise UNIX (UnixWare, Solaris, AIX) could require a complete
> > reinstall - especially if it's running C2-level security.
> 
> False.
> 
> Solaris, certainly, would just require booting from cdrom, mounting /
> and editing the password file.

Why is booting from CDROM a better fix than booting single-user from the
hard disk? The original poster wanted to avaoid a reboot *at all*.

Solaris, AIX, and even FreeBSD can be booted from a CDROM nowadays, but
I've recovered a SCO system that had a security-fault in it's trustware.
Reinsall was the advised procedure, but there were enough security-db
tools to recover the root account. On the high-security systems I've seen,
a skilled tech can usually recover the system to allow operation, but the
machine should be considered tainted and reinstalled ASAP if you ever
want support from the vendor or peace from your auditors. - Jy@


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message