vulnerability in su?
kirt
krs at gaultopia.org
Sat Nov 8 17:23:27 PST 2003
while recently cvsup'ing my box here at home, i had a weird thing happen...
i had already built world, built and installed the kernel, installed world (including all
appropriate reboots), and when i brought it back up, but prior to running mergemaster, i
popped the jumper on the circuit the box is on. my ups is somewhat wimpy, and only lasts
a couple minutes (the fuse trips all the time too.. stupid apartment wiring can't handle
2 computers and the washer and dryer at once =P ) so i made it a priority to go ahead and
shut the box down. after fixing said jumper and bring the box back up i noticed that i
could now su like a madman, without ever being prompted for passwords. i then remembered
that i hadn't run mergemaster yet, so i ran it again and rebooted for safe measure and su
started asking for passwords again.
is this a known issue? i didn't search to hard for a fix or anything since i quickly
fixed it myself, but i thought that a situation like that could make for some interesting
(read *bad*) situations.
-kirt
More information about the freebsd-questions
mailing list