possible vulnerability

Albin Lidén albin.liden at gmail.com
Thu Feb 28 14:00:39 UTC 2019

Please do forward this to the right team

Wzup u BSD-govs!
I just thought about something related to BSD/UNIX and Linux security
What would happen if a user did execute a script which put the system into
a single user mode during when the OS i completely in multi-user-mode

that would lockup the passwd for the root to change his password WITHOUT
having it

wouldn't that be a risky action, by a possible hacker
maybe even a vulnerability, if you have forgotten to lock the mode when in
multi-user sufficiently

if the user just went into that mode, without any root shell he would be
root and he would have access to mount and also to passwd

just pondering about this, realized it could be a possible backdoor or
other way round the otherwise strict security

no need to reply, simply check this, if you believe I could be right

another possible way around security would be to reload the freebsd boot
loader, but NOT reboot the system. then run in single user mode

such as nintendo once had a bug which allowed exploits to access the
3ds-mode, when it was unlocked, 3ds roms may be ran without restrictions

thank u guys
have a good one!

More information about the freebsd-questions mailing list