From owner-cvs-all  Tue Dec 11  6: 9: 0 2001
Delivered-To: cvs-all@freebsd.org
Received: from freebie.xs4all.nl (freebie.xs4all.nl [213.84.32.253])
	by hub.freebsd.org (Postfix) with ESMTP
	id AF08E37B41B; Tue, 11 Dec 2001 06:08:37 -0800 (PST)
Received: (from wkb@localhost)
	by freebie.xs4all.nl (8.11.6/8.11.6) id fBBE8YX69701;
	Tue, 11 Dec 2001 15:08:34 +0100 (CET)
	(envelope-from wkb)
Date: Tue, 11 Dec 2001 15:08:33 +0100
From: Wilko Bulte <wkb@freebie.xs4all.nl>
To: John Baldwin <jhb@FreeBSD.ORG>
Cc: Paul Richards <paul@freebsd-services.com>,
	cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, mini@haikugeek.com,
	Alfred Perlstein <bright@mu.org>, Mike Silbersack <silby@silby.com>,
	Mike Barcroft <mike@FreeBSD.ORG>
Subject: Re: cvs commit: src/sys/boot/i386/loader version src/share/examp
Message-ID: <20011211150833.B69619@freebie.xs4all.nl>
References: <616630000.1008044969@lobster.originative.co.uk> <XFMail.011210235132.jhb@FreeBSD.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <XFMail.011210235132.jhb@FreeBSD.org>; from jhb@FreeBSD.ORG on Mon, Dec 10, 2001 at 11:51:32PM -0800
X-OS: FreeBSD 4.4-STABLE
X-PGP: finger wilko@freebsd.org
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

On Mon, Dec 10, 2001 at 11:51:32PM -0800, John Baldwin wrote:
> 
> On 11-Dec-01 Paul Richards wrote:
> > --On Monday, December 10, 2001 22:18:36 -0500 Mike Barcroft
> > <mike@FreeBSD.org> wrote:
> > 
> >> Mike Silbersack <silby@silby.com> writes:
> >>> On Mon, 10 Dec 2001, Alfred Perlstein wrote:
> >>> 
> >>> > > All these loader commits make it possible to overwrite the existing
> >>> > contents of > a file on a UFS filesystem.
> >>> > 
> >>> > Yay!  One "cool" feaure at least from a security standpoint would
> >>> > be adding a write once variable to turn this off so that one can't
> >>> > use loader to smash /etc/passwd.
> >>> > 
> >>> > John, or Jonathan... ? any plans on giving this a shot?
> >>> > 
> >>> > -Alfred
> >>> 
> >>> Hm, I wonder if write enabling should even be compiled into the loader by
> >>> default - I think you're correct in suspecting that changing /etc/passwd
> >>> will be the primary use of this feature. :|
> >> 
> >> Why would someone use this feature to write to the password file, when
> >> they can just boot into single user mode and use their favourite
> >> editor?
> > 
> > You need the superuser password to get to single user if the console is
> > secure. The loader can be used to circumvent that now.
> 
> As someone else has noted, setting your init path to /tmp/mybinary opens your
> machine up to root rather trivially, and that doesn't require write access. 
> Note that we don't prevent doing 'more /etc/master.passwd' with which one can
> then run crack against the root password or some other utility.  The assumption

Consoles and/or systems not kept under lock and key (physically I mean)
are doomed anyway. Clear the CMOS passowrd (if set in the first place) and
then boot from CD or floppy. Off you go..

-- 
|   / o / /_  _   		email: 	wilko@FreeBSD.org
|/|/ / / /(  (_)  Bulte		Arnhem, The Netherlands	

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message