Date: Wed, 26 Apr 1995 09:21:20 -0600 (MDT) From: Scott Mace <smace@metal-mail.neosoft.com> To: clary@elec.uq.oz.au (Clary Harridge) Cc: freebsd-security@FreeBSD.org Subject: Re: DISKLESS users become root Message-ID: <199504261521.JAA01305@metal.ops.neosoft.com> In-Reply-To: <9504260509.AA15058@s1.elec.uq.oz.au> from "Clary Harridge" at Apr 26, 95 03:08:47 pm
next in thread | previous in thread | raw e-mail | index | archive | help
I think if you make console in /etc/ttys be insecure, it will solve you problem. This is require the root password to go into single user mode. Without this, the console is a very insecure place... Scott > > Users on any DISKLESS client can become root during the boot sequence. > > I have diskless clients booting off a FreeBSD file server and find that > > Pressing CTRLC just after the last NFS mount and before the "autoreboot" > message causes > > init: /bin/sh on /etc/rc terminated abnormally, going to single user mode > Enter pathname of shell or RETURN for sh: > > then > > RETURN gives a root shell. > > The state of the /etc/ttys file is not being checked for whether the > console is secure (or not) and the user is NOT prompted for a root > password. > > Has anyone a cure for this problem?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199504261521.JAA01305>