Bugtraq mailing list archives
OpenLinux 2.2: LISA install leaves root access without password
From: amacc () MAILER ORG (Andrew McRory)
Date: Sat, 8 May 1999 23:46:40 -0400
Hello,

I believe I've found a bug in the installation process of OpenLinux 2.2 when using the LISA boot disk. During the installation a temporary passwd file is put on the new file system containing the user "help" set uid=0 gid=0 and no password. Once you are prompted to set the root password and default user password a new passwd and shadow file is created yet the help user is left in the shadow file with, you guessed it, no password...

Here are the offending entries:

/etc/passwd
help:x:0:0:install help user:/:/bin/bash

/etc/shadow
help::10709:0:365:7:7::

Anyone who installed OpenLinux 2.2 using the LISA boot disk should check their password file now ;-)

I found this using a cdrom I made from a mirror of the mirror at ftp.tux.org. Just to make sure I wasn't mixed up I redownloaded the install.144 file from ftp.calderasystems.com and tried again. Same thing. The install disk is version 137 dated 26Mar99 (displayed on the boot message).

I wrote Caldera a message late in the day Friday regarding this bug but haven't heard back from anyone. I've tried to resist posting this until I hear back but I really feel people should know now!!

PS: I'm not sure if Lizard, the graphical installation method, has this problem. It crashes before it does much here.... that's why I tried LISA.

Thanks,

Andrew McRory - amacc () linuxsys com
Linux Systems Engineers / The PC Doctors
3009-C West Tharpe Street - Tallahassee, FL 32303
Voice 850.575.7213
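One way to run the check the post asks for, as an added example that is not part of the original message or of any Caldera tooling: it reads a passwd and a shadow file and reports accounts with an empty password field and uid 0 accounts other than root. The function names `audit_accounts` and `demo`, the `alice` account and the `CONSTRUCTED_HASH` placeholder are assumptions made for illustration; only the two `help` lines come from the post.

```shell
#!/bin/sh
# audit_accounts PASSWD SHADOW  (hypothetical helper, added example)
# Prints one finding per line:
#   EMPTY_PW_UID0 <user>  uid 0 and no password (the case reported in the post)
#   EMPTY_PW <user>       no password, non-zero uid
#   EXTRA_UID0 <user>     uid 0 account not named root, password set or locked
audit_accounts() {
    awk -F: '
        /^#/ || NF < 2 { next }                  # skip comments and blank lines
        # First file (passwd): remember uid and password field per user.
        FILENAME == ARGV[1] { uid[$1] = $3; pw[$1] = $2; order[++n] = $1; next }
        # Second file (shadow): password field consulted when passwd holds "x".
        { shadow[$1] = $2 }
        END {
            for (i = 1; i <= n; i++) {
                u = order[i]
                empty = (pw[u] == "") || (pw[u] == "x" && (u in shadow) && shadow[u] == "")
                root0 = (uid[u] ~ /^0+$/)
                if (empty && root0)            print "EMPTY_PW_UID0", u
                else if (empty)                print "EMPTY_PW", u
                else if (root0 && u != "root") print "EXTRA_UID0", u
            }
        }
    ' "$1" "$2"
}

# Demo on constructed files: the help entries are the ones quoted in the post,
# the root and alice lines are constructed sample data.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
help:x:0:0:install help user:/:/bin/bash
alice:x:500:100:constructed user:/home/alice:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:CONSTRUCTED_HASH:10709:0:365:7:7::
help::10709:0:365:7:7::
alice:CONSTRUCTED_HASH:10709:0:365:7:7::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}
demo
```

On an installed system the same function is called as root with `audit_accounts /etc/passwd /etc/shadow`; password fields holding `*` or `!` are treated as locked, not empty.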