Re: [Bug 276777] Enabling BSM/audit security can prevent root login
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 276777] Enabling BSM/audit security can prevent root login"
Date: Tue, 06 Feb 2024 00:55:40 UTC
On Tue, Feb 06, 2024 at 12:33:54AM +0000, bugzilla-noreply@freebsd.org wrote:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276777
>
> --- Comment #1 from Tim Hogard <thogard@abnormal.com> ---
> It appears this was due to older flags in /etc/security/audit_control
> If the old Solaris flags were added, specifically ua and pm, and since they
> aren't in /etc/security/audit_class, the audit mask isn't created and since it
> isn't created, root can't log in on the console.
>
> I think the login code should allow root to login in the case of a bad (or
> undefined) audit mask to prevent being locked out of a system.

[snip discussion of alternative ways, like adding support for the Sun flags]

Hmm, I could be wrong here, I have not really used the audit facility,
but if managing to corrupt the audit control file could lead to
being able to log in as root, even if the previous configuration
disallowed that for some cases, would that not introduce a new
attack vector?

G'luck,
Peter

--
Peter Pentchev  roam@ringlet.net roam@debian.org pp@storpool.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
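
Added example, not part of the original message and not FreeBSD project code: a pre-deployment check that reports class names used in the flags and naflags lines of audit_control but not defined in audit_class, the mismatch the quoted comment describes for ua and pm. It assumes the mask:name:description layout of audit_class and the +, - and ^ flag prefixes; the sample file contents and the function names are constructed for illustration.

```python
# Constructed sample files; on a real system read
# /etc/security/audit_class and /etc/security/audit_control instead.
SAMPLE_AUDIT_CLASS = """\
# mask:name:description
0x00000000:no:invalid class
0x00001000:lo:login_logout
0x00002000:aa:authentication and authorization
0xffffffff:all:all flags set
"""

SAMPLE_AUDIT_CONTROL = """\
dir:/var/audit
flags:lo,aa,ua,+pm
minfree:5
naflags:lo,^-aa
policy:cnt,argv
"""


def defined_classes(class_text):
    """Return the set of class names declared in audit_class text."""
    names = set()
    for line in class_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 2)  # mask, name, description
        if len(parts) >= 2:
            names.add(parts[1].strip())
    return names


def undefined_flags(control_text, class_text):
    """Map 'flags'/'naflags' to the class names that audit_class lacks."""
    known = defined_classes(class_text)
    bad = {}
    for line in control_text.splitlines():
        line = line.strip()
        if line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        if key not in ("flags", "naflags"):
            continue
        for token in value.split(","):
            name = token.strip().lstrip("^+-")  # drop success/failure/negate prefixes
            if name and name not in known:
                bad.setdefault(key, []).append(name)
    return bad


if __name__ == "__main__":
    print(undefined_flags(SAMPLE_AUDIT_CONTROL, SAMPLE_AUDIT_CLASS))
```

Running a check like this before installing an edited audit_control catches the undefined classes while a working root session is still open.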