From owner-freebsd-bugs Wed Jul 24 20:20:19 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Message-Id: <200207250318.g6P3Id43050317@www.freebsd.org>
Date: Wed, 24 Jul 2002 20:18:39 -0700 (PDT)
From: Marcos Galindo
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: i386/40965: Random root access to non-root users from remote ssh shell
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 40965
>Category: i386
>Synopsis: Random root access to non-root users from remote ssh shell
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jul 24 20:20:03 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Marcos Galindo
>Release: 4.6 release
>Organization: Isec Ltd
>Environment:
4.6-RELEASE #0: Tue Jun 11 06:14:12 GMT2002 murray@builder freebsdmall.com :/usr/src/sys/compile/GENERIC i386
>Description:
System runs an API on Postgresql 7.2 to control a small business. Users log in remotely from freebsd, linux and windows machines via ssh. Remote root login is not allowed. Randomly, however, current users, using their usual login names and passwords, find they have logged in as root. It usually happens a couple of times a day. The system is loaded with around 25 users. Any hint to look after? Other than that, system runs perfectly and cleanly.

Sorry for the release #0, I downloaded it from your ftp site. I expect to purchase a brand new set next month during a trip to the US. I did, however, purchase two full 4.2 releases with Greg's books a couple of years ago which I did not really get to use. I have currently been using linux. I tried 4.2, 4.4 and 4.5 releases. 4.2 did not allow me to go beyond the initial installation steps. It found a 2gb hard disk too big. With 4.4 I could not get the Xwindow to work. With 4.5, burncd decided not to go. 4.6 has been very easy to install and burncd works nicely for the backups. Everything runs as promised.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: