[Bug 202268] [jail] able to log in as root without typing the password.FreeBSD 10.1-RELEASE #0 r274401

2016-01-02 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202268

--- Comment #4 from Marie Helene Kvello-Aune  ---
Created attachment 164965
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=164965&action=edit
/etc/rc.d/jail core dump

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"



--- Comment #5 from Marie Helene Kvello-Aune  ---
I've reproduced this on 11-CURRENT (FreeBSD mpc.hjemme 11.0-CURRENT FreeBSD
11.0-CURRENT #0 r293047M: Sat Jan  2 12:16:07 CET 2016
root@mpc.hjemme:/usr/obj/usr/src/sys/GENERIC  amd64)

When I press ctrl + \ while jails are being started, I see a notice about a
core dump (attached) and I get the prompt to select which shell to use for
single-user mode. When selecting shell, I have single-user mode on host system.
This is with the default setting in /etc/ttys, where local console is
considered secure.

I tried pressing ctrl + \ constantly during rc.d execution but not during
/etc/rc.d/jail script execution, and this behaviour was NOT happening. It
seems to be specific to the /etc/rc.d/jail script.

Once I entered single-user mode, I saw all jails had started, even though the
core dump and single-user mode happened while jail 2 out of 8 was being
started.

If I set local console to not be considered secure (i.e. require password to
enter single-user mode), I am prompted for root password.

This is definitely a bug, but considering it doesn't let you skip password on
insecure console I wouldn't consider it a security issue.

Please let me know if any more details are required to solve this problem.


Jamie Gritton  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ja...@freebsd.org

--- Comment #6 from Jamie Gritton  ---
This behavior seems normal and expected to me.  I also tried repeatedly
pressing ctrl-\ during a no-jails boot, and it gave me the single-user shell
prompt.  So this isn't just a jail situation.

A simple glance at /etc/rc shows it's the desired behavior; look at the
beginning of /etc/rc:

| # Set shell to ignore SIGINT (2), but not children;
| # shell catches SIGQUIT (3) and returns to single user.
| #
| trap : 2
| trap "echo 'Boot interrupted'; exit 1" 3

So not only is this just what the trap command did, it's exactly what the
comment said it would do, as noted in base r130161.

Am I missing something, or should I just close this?


--- Comment #7 from Allan Jude  ---
If you want to not allow access to single user mode without a password prompt,
try changing /etc/ttys to mark 'console' as 'insecure'

from /etc/ttys:
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.


--- Comment #8 from Marie Helene Kvello-Aune  ---
(In reply to Jamie Gritton from comment #6)
With that in mind, I'll agree this PR can be closed.

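
The /etc/ttys setting discussed in comments #5 and #7 can be checked mechanically. The following is an added example, not part of the original thread or of FreeBSD's own scripts: the function names and the sample files are constructed for illustration, and treating a console line that carries neither flag as "insecure" is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: audit how the "console" entry of a ttys(5) file is flagged.

# Print "secure", "insecure" or "missing" for the console entry in file $1.
console_status() {
    awk '
        {
            sub(/#.*/, "")              # drop comments
            gsub(/"[^"]*"/, "CMD")      # collapse a quoted getty command to one token
        }
        $1 == "console" {
            found = 1
            status = "insecure"         # assumption: no flag means not secure
            for (i = 2; i <= NF; i++) {
                if ($i == "secure")   status = "secure"
                if ($i == "insecure") status = "insecure"
            }
        }
        END { print (found ? status : "missing") }
    ' "$1"
}

# Succeeds only when the console is marked insecure, i.e. the state in which
# the thread reports a root password prompt before single-user mode.
single_user_needs_password() {
    [ "$(console_status "$1")" = "insecure" ]
}

# Constructed sample in ttys(5) layout; $1 = output path, $2 = console flag.
write_sample_ttys() {
    cat > "$1" <<EOF
# name  getty                           type    status
# If console is marked "insecure", then init will ask for the root password
console none                            unknown off $2
ttyv0   "/usr/libexec/getty Pc"         xterm   on  secure
EOF
}

# Demo on constructed files; on a real host, pass /etc/ttys instead.
tmp=$(mktemp -d)
write_sample_ttys "$tmp/default" secure
write_sample_ttys "$tmp/hardened" insecure
for f in default hardened; do
    printf '%s: console is %s\n' "$f" "$(console_status "$tmp/$f")"
done
rm -rf "$tmp"
```

The `secure` flag on the `ttyv0` line in the sample is deliberately ignored: only the `console` entry decides the single-user prompt described in the thread.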