misc/64143: Security issue : fstab item missing causes automatic login as root without password when machine restarted.

Gerd Wachs gerd.wachs at telia.com
Thu Mar 11 23:10:01 PST 2004


>Number:         64143
>Category:       misc
>Synopsis:       Security issue : fstab item missing causes automatic login as root without password when machine restarted.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 11 23:10:01 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Gerd Wachs
>Release:        4.9 Release
>Organization:
>Environment:
>Description:
This is a security issue.
When an item in fstab no longer exists, and the machine is
restarted, FreeBSD logs you on as root without asking for a
password. You have full privilidges without having to select
a user or password.

>How-To-Repeat:
Clean installation.
Add a USB (Maxtor One Touch 120GB) to the machine.
Add a reference in the fstab so that it can be mounted.
Note that the reference has not been setup as automount.
Ensure that you can mount the device as normal.
Restart the machine with the device attached to confirm
normal request for user password occurs.
Shutdown the machine.
Remove the USB hard disk.
Restart the machine.
An error stating invalid device in the fstab.
You are asked for your shell with a default [bash\sh] for the root user.
You press enter, and you are into the system with root privileges
without having typed a password.
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:


More information about the freebsd-bugs mailing list