possible vulnerability

Polytropon freebsd at edvax.de
Thu Feb 28 18:02:38 UTC 2019

On Thu, 28 Feb 2019 15:00:22 +0100, Albin Lidén wrote:
> What would happen if a user did execute a script which put the system into
> a single user mode during when the OS i completely in multi-user-mode
> that would lockup the passwd for the root to change his password WITHOUT
> having it

THat's not directly possible. That script would need to have
specific permissions to take the system down, which regular
user scripts cannot do. This assumes that the user in question
is a non-privileged user (not in groups like wheel, operator;
not able to use su, sudo, super).

When the system enters single-user mode, theere is a setting
in /etc/ttys that might mark the system console as insecure
(opposed to secure), and then the system would prompt for the
root password.

> wouldn't that be a risky action, by a possible hacker
> maybe even a vulnerability, if you have forgotten to lock the mode when in
> multi-user sufficiently

As I mentioned, entering SUM from MUM requires the ability to
shutdown the system, which regular users do not have.

> if the user just went into that mode, without any root shell he would be
> root and he would have access to mount and also to passwd

The single-user mode is very restricted. It usually does not
even come with a network connection, so local access would
be a typical scenario. On the other hand, if a user has
local = physical access to a machine, it's GAME OVER anyway. :-)

> just pondering about this, realized it could be a possible backdoor or
> other way round the otherwise strict security

The term "backdoor" means something entirely different.
What you are describing could be called a mis-configuration.
Leaving the system console marked "insecure" is... well,
it's insecure! :-)

> another possible way around security would be to reload the freebsd boot
> loader, but NOT reboot the system. then run in single user mode

Again, this requires permissions a regular user does not have.
Write access to devices and execution permission for specific
programs would be needed to change things like a boot loader.
FreeBSD is not DOS (not _that_ DOS, the other one). ;-)

Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

More information about the freebsd-questions mailing list