Date: Tue, 11 Dec 2001 15:08:33 +0100
From: Wilko Bulte <wkb@freebie.xs4all.nl>
To: John Baldwin <jhb@FreeBSD.ORG>
Cc: Paul Richards <paul@freebsd-services.com>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, mini@haikugeek.com, Alfred Perlstein <bright@mu.org>, Mike Silbersack <silby@silby.com>, Mike Barcroft <mike@FreeBSD.ORG>
Subject: Re: cvs commit: src/sys/boot/i386/loader version src/share/examp
Message-ID: <20011211150833.B69619@freebie.xs4all.nl>
In-Reply-To: <XFMail.011210235132.jhb@FreeBSD.org>; from jhb@FreeBSD.ORG on Mon, Dec 10, 2001 at 11:51:32PM -0800
References: <616630000.1008044969@lobster.originative.co.uk> <XFMail.011210235132.jhb@FreeBSD.org>

On Mon, Dec 10, 2001 at 11:51:32PM -0800, John Baldwin wrote:
>
> On 11-Dec-01 Paul Richards wrote:
> > --On Monday, December 10, 2001 22:18:36 -0500 Mike Barcroft
> > <mike@FreeBSD.org> wrote:
> >
> >> Mike Silbersack <silby@silby.com> writes:
> >>> On Mon, 10 Dec 2001, Alfred Perlstein wrote:
> >>>
> >>> > > All these loader commits make it possible to overwrite the existing
> >>> > > contents of a file on a UFS filesystem.
> >>> >
> >>> > Yay! One "cool" feature at least from a security standpoint would
> >>> > be adding a write once variable to turn this off so that one can't
> >>> > use loader to smash /etc/passwd.
> >>> >
> >>> > John, or Jonathan... ? any plans on giving this a shot?
> >>> >
> >>> > -Alfred
> >>>
> >>> Hm, I wonder if write enabling should even be compiled into the loader by
> >>> default - I think you're correct in suspecting that changing /etc/passwd
> >>> will be the primary use of this feature. :|
> >>
> >> Why would someone use this feature to write to the password file, when
> >> they can just boot into single user mode and use their favourite
> >> editor?
> >
> > You need the superuser password to get to single user if the console is
> > secure. The loader can be used to circumvent that now.
>
> As someone else has noted, setting your init path to /tmp/mybinary opens your
> machine up to root rather trivially, and that doesn't require write access.
> Note that we don't prevent doing 'more /etc/master.passwd' with which one can
> then run crack against the root password or some other utility. The assumption

Consoles and/or systems not kept under lock and key (physically I mean)
are doomed anyway. Clear the CMOS password (if set in the first place)
and then boot from CD or floppy. Off you go..

--
|   / o / /_  _         email:  wilko@FreeBSD.org
|/|/ / / /( (_)  Bulte  Arnhem, The Netherlands

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011211150833.B69619>