Date:      Tue, 11 Dec 2001 15:08:33 +0100
From:      Wilko Bulte <wkb@freebie.xs4all.nl>
To:        John Baldwin <jhb@FreeBSD.ORG>
Cc:        Paul Richards <paul@freebsd-services.com>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, mini@haikugeek.com, Alfred Perlstein <bright@mu.org>, Mike Silbersack <silby@silby.com>, Mike Barcroft <mike@FreeBSD.ORG>
Subject:   Re: cvs commit: src/sys/boot/i386/loader version src/share/examp
Message-ID:  <20011211150833.B69619@freebie.xs4all.nl>
In-Reply-To: <XFMail.011210235132.jhb@FreeBSD.org>; from jhb@FreeBSD.ORG on Mon, Dec 10, 2001 at 11:51:32PM -0800
References:  <616630000.1008044969@lobster.originative.co.uk> <XFMail.011210235132.jhb@FreeBSD.org>

On Mon, Dec 10, 2001 at 11:51:32PM -0800, John Baldwin wrote:
> 
> On 11-Dec-01 Paul Richards wrote:
> > --On Monday, December 10, 2001 22:18:36 -0500 Mike Barcroft
> > <mike@FreeBSD.org> wrote:
> > 
> >> Mike Silbersack <silby@silby.com> writes:
> >>> On Mon, 10 Dec 2001, Alfred Perlstein wrote:
> >>> 
> >>> > > All these loader commits make it possible to overwrite the existing
> >>> > > contents of a file on a UFS filesystem.
> >>> > 
> >>> > Yay!  One "cool" feature at least from a security standpoint would
> >>> > be adding a write once variable to turn this off so that one can't
> >>> > use loader to smash /etc/passwd.
> >>> > 
> >>> > John, or Jonathan... ? any plans on giving this a shot?
> >>> > 
> >>> > -Alfred
> >>> 
> >>> Hm, I wonder if write enabling should even be compiled into the loader by
> >>> default - I think you're correct in suspecting that changing /etc/passwd
> >>> will be the primary use of this feature. :|
> >> 
> >> Why would someone use this feature to write to the password file, when
> >> they can just boot into single user mode and use their favourite
> >> editor?
> > 
> > You need the superuser password to get to single user if the console is
> > secure. The loader can be used to circumvent that now.
> 
> As someone else has noted, setting your init path to /tmp/mybinary opens your
> machine up to root rather trivially, and that doesn't require write access. 
> Note that we don't prevent doing 'more /etc/master.passwd' with which one can
> then run crack against the root password or some other utility.  The assumption

Consoles and/or systems not kept under lock and key (physically I mean)
are doomed anyway. Clear the CMOS password (if set in the first place) and
then boot from CD or floppy. Off you go..

-- 
|   / o / /_  _   		email: 	wilko@FreeBSD.org
|/|/ / / /(  (_)  Bulte		Arnhem, The Netherlands	
