Date:      Thu, 11 Mar 2004 23:05:27 -0800 (PST)
From:      Gerd Wachs <gerd.wachs@telia.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/64143: Security issue : fstab item missing causes automatic login as root without password when machine restarted.
Message-ID:  <200403120705.i2C75RpN082163@www.freebsd.org>
Resent-Message-ID: <200403120710.i2C7A1UE012068@freefall.freebsd.org>


>Number:         64143
>Category:       misc
>Synopsis:       Security issue : fstab item missing causes automatic login as root without password when machine restarted.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 11 23:10:01 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Gerd Wachs
>Release:        4.9 Release
>Organization:
>Environment:
>Description:
This is a security issue.
When an item in fstab no longer exists, and the machine is
restarted, FreeBSD logs you on as root without asking for a
password. You have full privileges without having to select
a user or password.

>How-To-Repeat:
Clean installation.
Add a USB (Maxtor One Touch 120GB) to the machine.
Add a reference in the fstab so that it can be mounted.
Note that the reference has not been set up as automount.
Ensure that you can mount the device as normal.
Restart the machine with the device attached to confirm
normal request for user password occurs.
Shut down the machine.
Remove the USB hard disk.
Restart the machine.
An error stating invalid device in the fstab.
You are asked for your shell with a default [bash\sh] for the root user.
You press enter, and you are into the system with root privileges
without having typed a password.
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:
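
A check for the condition this report describes, as an added example that is not part of the original report: it lists fstab entries that are mounted at boot (no `noauto` option) but whose device is absent. The function names and the sample entries are constructed for illustration, and plain files stand in for device nodes.

```shell
#!/bin/sh
# Added example (not from the original report): list fstab entries that are
# mounted at boot (no "noauto" option) but whose device node is absent.

# fstab_missing_devices FSTAB
# Prints "device<TAB>mountpoint" for each such entry.
fstab_missing_devices() {
    # fstab(5) fields: device mountpoint fstype options dump passno
    while read -r dev mnt fstype opts rest || [ -n "$dev" ]; do
        case "$dev" in
            /*) ;;            # path-style device name: check it
            *) continue ;;    # blank, comment, or non-path (proc, host:/path)
        esac
        case ",$opts," in
            *,noauto,*) continue ;;   # skipped by the boot-time mount
        esac
        [ -e "$dev" ] || printf '%s\t%s\n' "$dev" "$mnt"
    done < "$1"
}

# make_sample DIR: constructed sample, with plain files standing in for
# device nodes. Only the first "device" exists.
make_sample() {
    : > "$1/ad0s1a"
    cat > "$1/fstab" <<EOF
# Device Mountpoint FStype Options Dump Pass#
$1/ad0s1a / ufs rw 1 1
$1/da0s1 /mnt/usb ufs rw 2 2
$1/da1s1 /mnt/usb2 ufs rw,noauto 0 0
proc /proc procfs rw 0 0
EOF
}

# Run the check over the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
fstab_missing_devices "$demo_dir/fstab"
rm -rf "$demo_dir"
```

On a real system the function is called with `/etc/fstab`; any line it prints names a device to reattach, or an entry to mark `noauto`, before the next restart.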


