vulnerability in su?

kirt krs at
Sat Nov 8 17:23:27 PST 2003

while recently cvsup'ing my box here at home, i had a weird thing happen...

i had already built world, built and installed the kernel, installed world (including all 
appropriate reboots), and when i brought it back up, but prior to running mergemaster, i 
popped the jumper on the circuit the box is on.  my ups is somewhat wimpy, and only lasts 
a couple minutes (the fuse trips all the time too.. stupid apartment wiring can't handle 
2 computers and the washer and dryer at once =P ) so i made it a priority to go ahead and 
shut the box down.  after fixing said jumper and bring the box back up i noticed that i 
could now su like a madman, without ever being prompted for passwords.  i then remembered 
that i hadn't run mergemaster yet, so i ran it again and rebooted for safe measure and su 
started asking for passwords again.

is this a known issue?  i didn't search to hard for a fix or anything since i quickly 
fixed it myself, but i thought that a situation like that could make for some interesting 
(read *bad*) situations.


More information about the freebsd-questions mailing list