Vulnerability Development mailing list archives
Re: Possible exploit in FreeBSD 4.0
From: Crist Clark <crist.clark () GLOBALSTAR COM>
Date: Fri, 27 Oct 2000 10:38:44 -0700
John Herron wrote: [snip]
to get in as "root". I was just curious if anyone had a box they could sacrifice to test that.. (installing more than your HD can handle) and see if they get the same results. If you have to be root to install (which seems to be the case) then I guess its only good for a physical access exploit.
If you are having trouble installing FreeBSD, it is really more of a topic to discuss on freebsd-questions () freebsd org than vuln-dev. The only security related issue you have mentioned is that you get root at the console of a fscked up machine. This is a feature not a bug. A FreeBSD system by default will drop into single-user mode at a reboot if it gets unrecoverable errors when trying to reach multi-user (which a full disk may very well cause). It drops to a root prompt without requiring a password. Again, this is a feature, not a bug, since the behavior can be disabled by labling the console as 'insecure' in /etc/ttys. If that is done, the system will still drop to single-user mode, but will require a password. HTH, and if you really have questions about an install, you can get some help at the FreeBSD questions list... just maybe think about putting newlines in your text every 72 columns or so rather than putting your paragraphs all on one line. -- Crist J. Clark Network Security Engineer crist.clark () globalstar com Globalstar, L.P. (408) 933-4387 FAX: (408) 933-4926 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster () globalstar com
Current thread:
- Possible exploit in FreeBSD 4.0 John Herron (Oct 27)
- Re: Possible exploit in FreeBSD 4.0 Mark (Oct 27)
- Squid doesn't quote urls in error messages. Lincoln Yeoh (Oct 28)
- Re: Squid doesn't quote urls in error messages. Robert Collins (Oct 29)
- Re: Squid doesn't quote urls in error messages. 3APA3A (Oct 29)
- Squid doesn't quote urls in error messages. Lincoln Yeoh (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 The Psychotic Viper (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 Kris Kirby (Oct 30)
- <Possible follow-ups>
- Re: Possible exploit in FreeBSD 4.0 John Herron (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 Mark (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 packetWhore (Oct 29)
- Re: Possible exploit in FreeBSD 4.0 Crist Clark (Oct 29)
- Re: Possible exploit in FreeBSD 4.0 Mark (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 John Herron (Oct 30)
- Re: Possible exploit in FreeBSD 4.0 Mark (Oct 27)