[2150] in linux-security and linux-alert archive
[linux-security] OpenLinux 2.2: LISA install leaves root access without password
daemon@ATHENA.MIT.EDU (Andrew McRory)
Sun May 9 06:43:15 1999
Date: Sat, 8 May 1999 23:46:40 -0400 (EDT)
From: Andrew McRory <amacc@mailer.org>
To: linux-security@redhat.com
cc: bugtraq@netspace.org
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
Hello,
I believe I've found a bug in the installation process of OpenLinux 2.2
when using the LISA boot disk. During the installation a temporary passwd
file is put on the new file system containing the user "help" set uid=0
gid=0 and no password. Once you are prompted to set the root password and
default user password a new passwd and shadow file is created yet the help
user is left in the shadow file with, you guessed it, no password... Here
are the offending entries:
/etc/passwd
help:x:0:0:install help user:/:/bin/bash
/etc/shadow
help::10709:0:365:7:7::
Anyone who installed OpenLinux 2.2 using the LISA boot disk should check
their password file now ;-)
I found this using a cdrom I made from a mirror of the mirror at
ftp.tux.org. Just to make sure I wasn't mixed up I redownloaded the
install.144 file from ftp.calderasystems.com and tried again. Same thing.
The install disk is version 137 dated 26Mar99 (displayed on the boot
message).
I wrote Caldera a message late in the day Friday regarding this bug but
haven't heard back from anyone. I've tried to resist posting this until I
hear back but I really feel people should know now!!
PS: I'm not sure if Lizard, the graphical installation method, has this
problem. It crashes before it does much here.... that's why I tried LISA.
Thanks,
Andrew McRory - amacc@linuxsys.com ***********************************
Linux Systems Engineers / The PC Doctors *
3009-C West Tharpe Street - Tallahassee, FL 32303 *
Voice 850.575.7213 ***************************************************
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
