Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 26 May 2023 22:55:49 +0200
From:      Yuri <yuri@aetern.org>
To:        freebsd-current@freebsd.org
Subject:   Re: Surprise null root password
Message-ID:  <61e30711-f0da-2f42-3a6f-9bd91fc6b1ce@aetern.org>
In-Reply-To: <ZHEGpyKSWj4X/6Lk@www.zefox.net>
References:  <ZHDt21wFlpJfQKEs@www.zefox.net> <945C9B6D-F2A8-4F0D-BDB0-49A3DE870168@karels.net> <ZHD%2BND6ilBGaOgcv@www.zefox.net> <CAG5KPzwLheqT_EuiexFRJuD4PyFNzyhCQfmToe4myr3K3YfKpQ@mail.gmail.com> <ZHEGpyKSWj4X/6Lk@www.zefox.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
bob prohaska wrote:
> On Fri, May 26, 2023 at 07:48:04PM +0100, Ben Laurie wrote:
>> -T on ls will give you full time resolution...
>>
> More's the wonder:
> root@www:/usr/src # ls -lT /etc/*p*wd*
> -rw-------  1 root  wheel   2099 May 10 17:20:33 2023 /etc/master.passwd
> -rw-r--r--  1 root  wheel   1831 May 10 17:20:33 2023 /etc/passwd
> -rw-r--r--  1 root  wheel  40960 May 10 17:20:33 2023 /etc/pwd.db
> -rw-------  1 root  wheel  40960 May 10 17:20:33 2023 /etc/spwd.db
> 
> For sake of clarity, /etc/master.passwd's root line is
> root::0:0::0:0:Charlie &:/root:/bin/sh
> while /etc/passwd's root line is
> root:*:0:0:Charlie &:/root:/bin/sh
> 
> I just noticed a second host (Pi3) which is similarly affected.
> It completed a build/install cycle on May 25, uname -a yields
> FreeBSD www.zefox.org 14.0-CURRENT FreeBSD 14.0-CURRENT #46 main-n263122-57a3a161a92f: Thu May 25 21:25:57 PDT 2023     bob@www.zefox.org:/usr/obj/usr/src/arm64.aarch64/sys/GENERIC arm64
> 
> On this host I get
> root@www:/usr/src # ls -lT /etc/*p*wd*
> -rw-------  1 root  wheel   1796 Nov 12 16:00:03 2022 /etc/master.passwd
> -rw-r--r--  1 root  wheel   2430 Oct  1 19:40:22 2020 /etc/passwd
> -rw-r--r--  1 root  wheel  40960 Oct  1 19:40:22 2020 /etc/pwd.db
> -rw-------  1 root  wheel  40960 Oct  1 19:40:22 2020 /etc/spwd.db
> (at least the dates make more sense)
> 
> The root line in /etc/master.passwd is
> root::0:0::0:0:Charlie &:/root:/bin/sh
> 
> I didn't catch any null password reports in the security emails,
> most likely through lack of attention. As with the first case,
> passwords seem to work normally (null rejected, normal accepted).

The question is how you update the configuration files,
mergemaster/etcupdate/something else?

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?61e30711-f0da-2f42-3a6f-9bd91fc6b1ce>