Possible security hole in FreeBSD 4.8-RELEASE????

Kris Kennaway kris at obsecurity.org
Fri Apr 23 04:45:10 PDT 2004

On Fri, Apr 23, 2004 at 01:38:47PM +0200, MaXX wrote:
> Good afternoon,
>     I have installed FreeBSD 4.8Release on a machine to experiment settings
> before attempting to place them on my "server". Due to a problem with the
> port system on this machine I decided to reinstall only the port system via
> sysinstall, during the process, I switched to anoter console (ttyv3) and
> login as root, the password was not asked...

You're asked to choose the root password when you first install the
system.  If you choose not to set it, then the account will have no
password.  By default you still cannot log in remotely to the root
account, or to accounts without passwords.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040423/bdf42d77/attachment-0001.bin

More information about the freebsd-questions mailing list