possible vulnerability

[Valeri Galtsev]

On 2/28/19 8:00 AM, Albin Lidén wrote:
> Please do forward this to the right team
> 
> Wzup u BSD-govs!
> I just thought about something related to BSD/UNIX and Linux security
> What would happen if a user did execute a script which put the system into
> a single user mode during when the OS i completely in multi-user-mode

Do we have a troll again? One has to know what level of privileges one 
has to have to do this or that before offering "insight" BS like this 
one IMHO.

Valeri

> 
> that would lockup the passwd for the root to change his password WITHOUT
> having it
> 
> wouldn't that be a risky action, by a possible hacker
> maybe even a vulnerability, if you have forgotten to lock the mode when in
> multi-user sufficiently
> 
> if the user just went into that mode, without any root shell he would be
> root and he would have access to mount and also to passwd
> 
> just pondering about this, realized it could be a possible backdoor or
> other way round the otherwise strict security
> 
> no need to reply, simply check this, if you believe I could be right
> 
> another possible way around security would be to reload the freebsd boot
> loader, but NOT reboot the system. then run in single user mode
> 
> such as nintendo once had a bug which allowed exploits to access the
> 3ds-mode, when it was unlocked, 3ds roms may be ran without restrictions
> 
> thank u guys
> have a good one!
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> 

-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++