vulnerability in su?

krs at krs at
Sun Nov 9 06:26:52 PST 2003

On Sat, Nov 08, 2003 at 10:49:35PM -0800, Derrick Ryalls wrote:
> > 
> > while recently cvsup'ing my box here at home, i had a weird 
> > thing happen...
> > 
> > i had already built world, built and installed the kernel, 
> > installed world (including all 
> > appropriate reboots), and when i brought it back up, but 
> > prior to running mergemaster, i 
> > popped the jumper on the circuit the box is on.  my ups is 
> > somewhat wimpy, and only lasts 
> > a couple minutes (the fuse trips all the time too.. stupid 
> > apartment wiring can't handle 
> > 2 computers and the washer and dryer at once =P ) so i made 
> > it a priority to go ahead and 
> > shut the box down.  after fixing said jumper and bring the 
> > box back up i noticed that i 
> > could now su like a madman, without ever being prompted for 
> > passwords.  i then remembered 
> > that i hadn't run mergemaster yet, so i ran it again and 
> > rebooted for safe measure and su 
> > started asking for passwords again.
> > 
> I think the only time this happens is if the root password is blank.  It
> is possible that one of your mergemaster runs put in the default root
> password (blank).
well, it wasn't just the root password...  for example i was able to login to
one of my non-wheel accounts, su to my personal account (which is in wheel),
and then su right to root as well.  in addition, none of the passwords were
actually blank, because i actually plugged a monitor and keyboard into the box
and logged in locally as root, which required me to put my password in.  all
of my accounts did, in fact.


More information about the freebsd-questions mailing list