[Bug 202268] [jail] able to log in as root without typing the password.FreeBSD 10.1-RELEASE #0 r274401
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Jan 2 19:52:14 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202268
--- Comment #5 from Marie Helene Kvello-Aune <marieheleneka at gmail.com> ---
I've reproduced this on 11-CURRENT (FreeBSD mpc.hjemme 11.0-CURRENT FreeBSD
11.0-CURRENT #0 r293047M: Sat Jan 2 12:16:07 CET 2016
root at mpc.hjemme:/usr/obj/usr/src/sys/GENERIC amd64)
When I press ctrl + \ while jails are being started, I see a notice about a
core dump (attached) and I get the prompt to select which shell to use for
single-user mode. When selecting shell, I have single-user mode on host system.
This is with the default setting in /etc/ttys, where local console is
considered secure.
I tried pressing ctrl + \ constantly during rc.d execution but not during
/etc/rc.d/jail script exectution, and this behaviour was NOT happening. It
seems to be specific to the /etc/rc.d/jail script.
Once I entered single-user mode, I saw all jails had started, even though the
core dump and single-user mode happened while jail 2 out of 8 were being
started.
If I set local console to not be considered secure (i.e. require password to
enter single-user mode), I am prompted for root password.
This is definitely a bug, but considering it doesn't let you skip password on
insecure console I wouldn't consider it a security issue.
Please let me know if any more details are required to solve this problem.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-jail
mailing list