Date: Sat, 18 Apr 1998 02:30:01 +0200 (CEST) From: Leif Neland <leifn@image.dk> To: "Ian O'Friel" <Genius@glasgow.crosswinds.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Potential Problem.... Message-ID: <Pine.BSF.3.96.980418022726.1225G-100000@darla.swimsuit.roskildebc.dk> In-Reply-To: <000101bd6a49$44e5a720$41f14ac2@metallica>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 17 Apr 1998, Ian O'Friel wrote: > I am setting up a system for friends and family to dial-up my PC running > FreeBSD 2.2.5. The machine has Advanced power Management so I edited rc.conf > so that the APM line read "YES" instead of "NO" but I mistakenly pur in "YES > with only one speech mark. I had set my machine up with several groups and > lots of users... but I found that after rebooting this problem caused an > error in the startup procedure and automatically logged in as root. I think > this could be a pontential problem if someone got access to the rc.conf file > diliberately removed a few characters and rebooted the would be logged in as > root which would allow them to create hell...... > > Any comments ? > That's can't happen, because rc.conf is (should) be writable only by root. If there is physical access to the machine, then you should mark the console unsecure in /etc/ttys, otherwise the evil fellow can boot the machine in single user mode, and log in without password. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980418022726.1225G-100000>