Message-Id: <199801091825.KAA25618@hub.freebsd.org>
Date: Fri, 9 Jan 1998 10:25:14 -0800 (PST)
From: ken@bolingbroke.com
To: freebsd-gnats-submit@freebsd.org
Subject: Security compromised on new installation of FreeBSD
X-Send-Pr-Version: www-1.0

>Number:         5470
>Category:       conf
>Synopsis:       Security compromised on new installation of FreeBSD
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan  9 10:30:00 PST 1998
>Closed-Date:    Fri Jan  9 18:10:20 PST 1998
>Last-Modified:  Fri Jan  9 18:10:37 PST 1998
>Originator:     Ken Bolingbroke
>Release:        2.2.5-RELEASE
>Organization:
>Environment:
FreeBSD sacto.bolingbroke.com 2.2.5-RELEASE FreeBSD 2.2.5-RELEASE #0: Tue Oct 21 14:33:00 GMT jkh@time.cdrom.com:/usr/src/sys/compile/GENERIC i386
>Description:
After initial network installation of FreeBSD, using the /stand/sysinstall utility to add further software removes any modified user db and replaces it with the default, including a root account with *no* password.

I only noticed this when I got console messages of an attempted root login. My system was compromised and at least one trojan horse was found on this system. Since it was a new installation, I just wiped the hard disk and started over, but using /stand/sysinstall again wiped my new user db and cleared the root password.

I haven't isolated the problem, but I'm using /stand/sysinstall after the initial installation because X-Windows doesn't seem to install correctly...
>How-To-Repeat:
Use /stand/sysinstall to add additional software...
>Fix:
>Release-Note:
>Audit-Trail:

From: "Jordan K. Hubbard"
To: ken@bolingbroke.com
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: conf/5470: Security compromised on new installation of FreeBSD
Date: Fri, 09 Jan 1998 16:17:39 -0800

> After initial network installation of FreeBSD, using the /stand/sysinstall
> utility to add further software removes any modified user db and replaces
> it with the default including a root account with *no* password.

When you say "to add further software", what do you mean? You don't go and choose one of the bindist-containing "bundles" do you? You go to the custom screen and avoid reinstalling the bindist, right? If not, then your problem is pilot error and not actually a security hole - sysinstall is merely doing exactly what you told it to do and I can close this PR. :)

Jordan

State-Changed-From-To: open->closed
State-Changed-By: jkh
State-Changed-When: Fri Jan  9 18:10:20 PST 1998
State-Changed-Why:
User installed bindist twice - this is the expected behavior.

>Unformatted:
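The failure mode in this PR is a password database overwritten with the distribution default, leaving root with an empty password field. As an added example, not part of the PR or of sysinstall, the following POSIX shell audit scans a master.passwd-style file for enabled accounts whose password field is empty, so a post-install script can refuse to continue (or page an admin) before the box is exposed on the network. The sample file and its hash value are constructed; on a real system the function would be pointed at /etc/master.passwd.

```shell
#!/bin/sh
# Added example, not from the PR: find accounts with an empty password field
# in a master.passwd-format file (the state this PR reports for root after
# the bindist was reinstalled). Usage: find_empty_passwords /path/to/file

# master.passwd fields:
#   name:password:uid:gid:class:change:expire:gecos:home:shell
# Prints "name:uid" for every account whose password field is empty.
# "*" (locked) and real hashes are not reported; comments and short lines are skipped.
find_empty_passwords() {
    awk -F: '
        /^#/ || NF < 10 { next }       # comment or malformed line
        $2 == ""        { print $1 ":" $3 }   # no hash at all: login without a password
    ' "$1"
}

# Returns 1 (and lists offenders on stderr) when any account has no password,
# so it can gate the rest of a post-install script.
audit_file() {
    hits=$(find_empty_passwords "$1")
    if [ -n "$hits" ]; then
        echo "accounts with NO password in $1:" >&2
        echo "$hits" >&2
        return 1
    fi
    return 0
}

# Constructed sample standing in for /etc/master.passwd: root has an empty
# password field, daemon is locked with "*", ken has a (fake) hash.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample, not a real password file
root::0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
ken:$1$constructed$notarealhash:1001:1001::0:0:Ken:/home/ken:/bin/sh
EOF

audit_file "$SAMPLE" || echo "audit failed as expected for the sample: fix before going online"
```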