Date: Thu, 28 Feb 2019 19:02:33 +0100
From: Polytropon <freebsd@edvax.de>
To: Albin Lidén <albin.liden@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: possible vulnerability
Message-ID: <20190228190233.139bccb1.freebsd@edvax.de>
In-Reply-To: <CAB4bussd3jSa1dZ79=1K2FdMpHOv=Kv60Ju3gMb=VUo7YvpVcQ@mail.gmail.com>
References: <CAB4bussd3jSa1dZ79=1K2FdMpHOv=Kv60Ju3gMb=VUo7YvpVcQ@mail.gmail.com>
On Thu, 28 Feb 2019 15:00:22 +0100, Albin Lidén wrote:
> What would happen if a user did execute a script which put the system into
> a single user mode during when the OS is completely in multi-user-mode
>
> that would lockup the passwd for the root to change his password WITHOUT
> having it

That's not directly possible. That script would need to have
specific permissions to take the system down, which regular
user scripts cannot do. This assumes that the user in question
is a non-privileged user (not in groups like wheel, operator;
not able to use su, sudo, super).

When the system enters single-user mode, there is a setting
in /etc/ttys that might mark the system console as insecure
(as opposed to secure), and then the system would prompt for
the root password.

> wouldn't that be a risky action, by a possible hacker
> maybe even a vulnerability, if you have forgotten to lock the mode when in
> multi-user sufficiently

As I mentioned, entering SUM from MUM requires the ability
to shut down the system, which regular users do not have.

> if the user just went into that mode, without any root shell he would be
> root and he would have access to mount and also to passwd

The single-user mode is very restricted. It usually does not
even come with a network connection, so local access would be
a typical scenario. On the other hand, if a user has local =
physical access to a machine, it's GAME OVER anyway. :-)

> just pondering about this, realized it could be a possible backdoor or
> other way round the otherwise strict security

The term "backdoor" means something entirely different. What
you are describing could be called a mis-configuration. Leaving
the system console marked "insecure" is... well, it's insecure! :-)

> another possible way around security would be to reload the freebsd boot
> loader, but NOT reboot the system. then run in single user mode

Again, this requires permissions a regular user does not have.
Write access to devices and execution permission for specific
programs would be needed to change things like a boot loader.
FreeBSD is not DOS (not _that_ DOS, the other one). ;-)

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
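
Added example, not part of the original message: a small script that checks the /etc/ttys console setting the reply refers to and reports whether single-user mode will prompt for the root password. The sample ttys lines are constructed, and the function names console_flag and report are chosen for this example.

```sh
#!/bin/sh
# Added example (not from the original message). Sample ttys lines are constructed.

# console_flag FILE: print "secure", "insecure" or "missing" for the
# "console" entry of a ttys(5)-format file.
console_flag() {
    awk '
        { sub(/#.*/, "") }                 # drop comments
        $1 == "console" {
            found = 1
            flag = "insecure"              # no "secure" keyword: treated as insecure
            for (i = 2; i <= NF; i++)
                if ($i == "secure" || $i == "insecure") flag = $i
        }
        END { print (found ? flag : "missing") }
    ' "$1"
}

# report FILE: one-line verdict in the terms used in the message above.
report() {
    case "$(console_flag "$1")" in
        insecure) echo "$1: console insecure - single-user mode prompts for the root password" ;;
        secure)   echo "$1: console secure - single-user mode gives a root shell without a password" ;;
        *)        echo "$1: no console entry found" ;;
    esac
}

# Constructed sample input; on a real system run: report /etc/ttys
tmp=$(mktemp -d)
printf '%s\n' '# name getty type status' \
    'console none unknown off secure' \
    'ttyv0 "/usr/libexec/getty Pc" xterm on secure' > "$tmp/ttys.default"
printf '%s\n' 'console none unknown off insecure # hardened' \
    'ttyv0 "/usr/libexec/getty Pc" xterm on secure' > "$tmp/ttys.hardened"
report "$tmp/ttys.default"
report "$tmp/ttys.hardened"
rm -rf "$tmp"
```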