[10503] in bugtraq
OpenLinux 2.2: LISA install leaves root access without password
daemon@ATHENA.MIT.EDU (Andrew McRory)
Sun May 9 09:27:12 1999
Message-Id: <Pine.LNX.4.02.9905082300390.13930-100000@ns1.mailer.org>
Date: Sat, 8 May 1999 23:46:40 -0400
Reply-To: Andrew McRory <amacc@MAILER.ORG>
From: Andrew McRory <amacc@MAILER.ORG>
X-To: linux-security@redhat.com
To: BUGTRAQ@NETSPACE.ORG
Hello,
I believe I've found a bug in the installation process of OpenLinux 2.2
when using the LISA boot disk. During the installation a temporary passwd
file is put on the new file system containing the user "help" set uid=0
gid=0 and no password. Once you are prompted to set the root password and
default user password a new passwd and shadow file is created yet the help
user is left in the shadow file with, you guessed it, no password... Here
are the offending entries:

/etc/passwd
    help:x:0:0:install help user:/:/bin/bash

/etc/shadow
    help::10709:0:365:7:7::

Anyone who installed OpenLinux 2.2 using the LISA boot disk should check
their password file now ;-)
I found this using a cdrom I made from a mirror of the mirror at
ftp.tux.org. Just to make sure I wasn't mixed up I redownloaded the
install.144 file from ftp.calderasystems.com and tried again. Same thing.
The install disk is version 137 dated 26Mar99 (displayed on the boot
message).
I wrote Caldera a message late in the day Friday regarding this bug but
haven't heard back from anyone. I've tried to resist posting this until I
hear back but I really feel people should know now!!
PS: I'm not sure if Lizard, the graphical installation method, has this
problem. It crashes before it does much here.... that's why I tried LISA.
Thanks,
Andrew McRory - amacc@linuxsys.com ***********************************
Linux Systems Engineers / The PC Doctors *
3009-C West Tharpe Street - Tallahassee, FL 32303 *
Voice 850.575.7213 ***************************************************
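
Added example, not part of the original post and not Caldera's code: one way to run the check the message recommends, by listing every UID 0 account in a passwd file and flagging those whose password field is empty. The function name `audit_uid0`, the helper `write_sample` and the root and alice sample lines are assumptions made for the demonstration; only the two "help" lines come from the post.

```shell
#!/bin/sh
# Added example (not from the original post): report UID 0 accounts and
# whether their password field is empty.

# audit_uid0 PASSWD SHADOW -> prints "name<TAB>finding", one line per finding
audit_uid0() {
    awk -F: '
        /^#/ || NF < 2 { next }              # skip comments and blank lines
        FILENAME == ARGV[1] {                # first operand: the shadow file
            if ($2 == "") empty[$1] = 1      # empty 2nd field: no password set
            next
        }
        $3 == 0 {                            # second operand: the passwd file
            # No password if the passwd field is empty, or is "x" and the
            # matching shadow entry has an empty field.
            nopw = ($2 == "" || ($2 == "x" && ($1 in empty)))
            if ($1 != "root")
                print $1 "\t" (nopw ? "extra uid 0 account, no password" : "extra uid 0 account")
            else if (nopw)
                print $1 "\tno password"
        }
    ' "$2" "$1"
}

# Constructed sample: the two "help" lines are the entries quoted in the
# post; the root and alice lines are made up for the demonstration.
write_sample() {   # $1 = directory to write passwd and shadow into
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
help:x:0:0:install help user:/:/bin/bash
alice:x:500:100:constructed user:/home/alice:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:CONSTRUCTED-HASH-PLACEHOLDER:10709:0:365:7:7::
help::10709:0:365:7:7::
alice:CONSTRUCTED-HASH-PLACEHOLDER:10709:0:365:7:7::
EOF
}

demo=$(mktemp -d)
write_sample "$demo"
audit_uid0 "$demo/passwd" "$demo/shadow"
rm -rf "$demo"
```

On an installed system, call `audit_uid0 /etc/passwd /etc/shadow` as root, since the shadow file is normally readable only by root.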