From owner-freebsd-security@freebsd.org Sun Feb 28 14:43:49 2021 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B64D056D39D for ; Sun, 28 Feb 2021 14:43:49 +0000 (UTC) (envelope-from security@lordcow.org) Received: from mail.lordcow.org (lordcow.org [IPv6:2c0f:fb18:402:5::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "devaux.za.net", Issuer "R3" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DpR3S4Hrtz3vwD for ; Sun, 28 Feb 2021 14:43:48 +0000 (UTC) (envelope-from security@lordcow.org) Received: from lordcow.org (localhost [127.0.0.1]) by mail.lordcow.org (8.16.1/8.15.2) with ESMTPS id 11SEhciS023074 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Sun, 28 Feb 2021 16:43:38 +0200 (SAST) (envelope-from lordcow@lordcow.org) X-Authentication-Warning: lordcow.org: Host localhost [127.0.0.1] claimed to be lordcow.org Received: (from lordcow@localhost) by lordcow.org (8.16.1/8.15.2/Submit) id 11SEhXH0023065 for FreeBSD-security@freebsd.org; Sun, 28 Feb 2021 16:43:33 +0200 (SAST) (envelope-from lordcow) Date: Sun, 28 Feb 2021 16:43:33 +0200 From: Gareth de Vaux To: FreeBSD-security@freebsd.org Subject: Re: user account disappeared Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lordcow.org X-Rspamd-Queue-Id: 4DpR3S4Hrtz3vwD X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of security@lordcow.org designates 2c0f:fb18:402:5::2 as permitted sender) smtp.mailfrom=security@lordcow.org X-Spamd-Result: default: False [-3.30 / 15.00]; ARC_NA(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; FREEFALL_USER(0.00)[security]; FROM_HAS_DN(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[2c0f:fb18:402:5::2:from]; R_SPF_ALLOW(-0.20)[+ip6:2c0f:fb18:402:5::2/64:c]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[2c0f:fb18:402:5::2:from:127.0.2.255]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCVD_TLS_ALL(0.00)[]; DMARC_NA(0.00)[lordcow.org]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:37199, ipnet:2c0f:fb18::/32, country:ZA]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[FreeBSD-security] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Feb 2021 14:43:49 -0000 On Sun 2021-02-28 (08:25), J. Hellenthal wrote: > If it wasn???t ports then it was buildworld where it asks you ... would you like to run this now ? And you probably selected no instead of yes. Or some combination of that and mergemaster not being run. Sure, though I'm always careful with buildworld and mergemaster, but in the timeline I logged in successfully a few times after the buildworld before the user disappeared. Seems more likely it was related to running "passwd otheruser".