Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 18 Apr 1998 02:30:01 +0200 (CEST)
From:      Leif Neland <leifn@image.dk>
To:        "Ian O'Friel" <Genius@glasgow.crosswinds.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Potential Problem....
Message-ID:  <Pine.BSF.3.96.980418022726.1225G-100000@darla.swimsuit.roskildebc.dk>
In-Reply-To: <000101bd6a49$44e5a720$41f14ac2@metallica>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help


On Fri, 17 Apr 1998, Ian O'Friel wrote:

> I am setting up a system for friends and family to dial-up my PC running
> FreeBSD 2.2.5. The machine has Advanced power Management so I edited rc.conf
> so that the APM line read "YES" instead of "NO" but I mistakenly pur in "YES
> with only one speech mark. I had set my machine up with several groups and
> lots of users... but I found that after rebooting this problem caused an
> error in the startup procedure and automatically logged in as root. I think
> this could be a pontential problem if someone got access to the rc.conf file
> diliberately removed a few characters and rebooted the would be logged in as
> root which would allow them to create hell......
> 
> Any comments ?
> 

That's can't happen, because rc.conf is (should) be writable only by root.
If there is physical access to the machine, then you should mark the
console unsecure in /etc/ttys, otherwise the evil fellow can boot the
machine in single user mode, and log in without password.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980418022726.1225G-100000>