Package: installation-reports

INSTALL REPORT
Debian-installer-version: RC2 netinstall image for i386, downloaded from http://cdimage.debian.org/pub/cdimage-testing/sarge_d-i/i386/rc2/sarge-i386-netinst.iso on 20041126
uname -a: Linux chloe 2.6.8-1-386 #1 Thu Nov 25 04:24:08 UTC 2004 i686 GNU/Linux
Date: 20041126, ~23:00 UTC
Method: Burnt the netinstall image to CD, using the "expert26" boot parameter. Apt sources were unstable over HTTP from mirrors.kernel.org and ftp.debian.org (no proxy).

Machine: Dell PowerEdge SC420
Processor: 2.8GHz Pentium 4
Memory: 256MB DDR2-400 SDRAM
Root Device: 160GB SATA drive (/dev/sda2)
Root Size/partition table:

    sda1            Primary   Dell Utility                      57.58
    sda2    Boot    Primary   Linux ext3           [/]       39983.09
    sda3            Primary   Linux ext3                     39999.54
    sda5            Logical   Linux swap / Solaris            1003.49

Debian was installed to /dev/sda2; /dev/sda3 is currently formatted but unmounted and unused.

Output of lspci and lspci -n:

Note: I took the Aureal Vortex sound card out of another machine; it didn't come with the SC420 (but it does work nicely in Debian).

lspci:
------
0000:00:00.0 Host bridge: Intel Corp. Server Memory Controller Hub (rev 04)
0000:00:01.0 PCI bridge: Intel Corp. Server Memory Controller Hub PCI Express Port (rev 04)
0000:00:02.0 VGA compatible controller: Intel Corp. Graphics Controller (rev 04)
0000:00:1c.0 PCI bridge: Intel Corp. 82801FB/FBM/FR/FW/FRW (ICH6 Family) PCI Express Port 1 (rev 03)
0000:00:1c.1 PCI bridge: Intel Corp. 82801FB/FBM/FR/FW/FRW (ICH6 Family) PCI Express Port 2 (rev 03)
0000:00:1d.0 USB Controller: Intel Corp. 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #1 (rev 03)
0000:00:1d.1 USB Controller: Intel Corp. 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #2 (rev 03)
0000:00:1d.2 USB Controller: Intel Corp. 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #3 (rev 03)
0000:00:1d.3 USB Controller: Intel Corp. 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #4 (rev 03)
0000:00:1d.7 USB Controller: Intel Corp. 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB2 EHCI Controller (rev 03)
0000:00:1e.0 PCI bridge: Intel Corp. 82801 PCI Bridge (rev d3)
0000:00:1f.0 ISA bridge: Intel Corp. 82801FB/FR (ICH6/ICH6R) LPC Interface Bridge (rev 03)
0000:00:1f.1 IDE interface: Intel Corp. 82801FB/FBM/FR/FW/FRW (ICH6 Family) IDE Controller (rev 03)
0000:00:1f.2 IDE interface: Intel Corp. 82801FR/FRW (ICH6R/ICH6RW) SATA Controller (rev 03)
0000:00:1f.3 SMBus: Intel Corp. 82801FB/FBM/FR/FW/FRW (ICH6 Family) SMBus Controller (rev 03)
0000:02:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5751 Gigabit Ethernet PCI Express (rev 01)
0000:04:02.0 Multimedia audio controller: Aureal Semiconductor Vortex 2 (rev fe)

lspci -n:
---------
0000:00:00.0 0600: 8086:2588 (rev 04)
0000:00:01.0 0604: 8086:2589 (rev 04)
0000:00:02.0 0300: 8086:258a (rev 04)
0000:00:1c.0 0604: 8086:2660 (rev 03)
0000:00:1c.1 0604: 8086:2662 (rev 03)
0000:00:1d.0 0c03: 8086:2658 (rev 03)
0000:00:1d.1 0c03: 8086:2659 (rev 03)
0000:00:1d.2 0c03: 8086:265a (rev 03)
0000:00:1d.3 0c03: 8086:265b (rev 03)
0000:00:1d.7 0c03: 8086:265c (rev 03)
0000:00:1e.0 0604: 8086:244e (rev d3)
0000:00:1f.0 0601: 8086:2640 (rev 03)
0000:00:1f.1 0101: 8086:266f (rev 03)
0000:00:1f.2 0101: 8086:2652 (rev 03)
0000:00:1f.3 0c05: 8086:266a (rev 03)
0000:02:00.0 0200: 14e4:1677 (rev 01)
0000:04:02.0 0401: 12eb:0002 (rev fe)

Base System Installation Checklist:
[O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it

Initial boot worked:    [O]
Configure network HW:   [O]
Config network:         [O]
Detect CD:              [O]
Load installer modules: [O]
Detect hard drives:     [O]
Partition hard drives:  [O]
Create file systems:    [O]
Mount partitions:       [O]
Install base system:    [O]
Install boot loader:    [O]
Reboot:                 [E]

Comments/Problems:

Error with reboot was http://bugs.debian.org/277298. This problem is fixed in the latest 2.6.8 kernel package in the unstable tree (kernel-image-2.6.8-1-386_2.6.8-10_i386.deb).

A more bothersome (security-related) problem is that when the network-console udeb is loaded and used to remotely access the install process via SSH, the "installer" user isn't deleted from the system at the end of the install process.

Here's what I did:

- Booted from the RC2 netinstall CD for i386 with the expert26 boot option
- Loaded the "network-console" udeb so that I would be able to SSH into the installer
- When I was given the option to "Continue installation remotely using SSH", I set a password for the installer user and then used it to SSH in from another machine.

The screen where you set the "installer" user's password says, "This password is used only by the Debian installer, and will be discarded once you finish the installation." However, this is not the case - this user persists after completion of the install and rebooting, etc.

From /etc/passwd:

installer:x:0:0:installer:/:/usr/sbin/base-config-network-console

From /etc/shadow (password is 'password'):

installer:$1$.a.mY5c.$rUQXKaPfTgLhzLOTpY3sZ.:1:0:99999:7:::

Although this is mitigated by the fact that /usr/sbin/base-config-network-console doesn't exist after the install, an attacker that has gained root via privilege escalation or exploiting a privileged daemon can just create a symlink from /usr/sbin/base-config-network-console to /bin/bash. The "installer" user's password is most likely easier to crack than the root password, since the administrator has been told that the installer user will not persist.

Since the default configuration of the Debian ssh package includes "PermitRootLogin yes", the attacker can crack the weaker "installer" password, create the symlink, and thus gain remote root access via SSH. The administrator probably won't even realize that this account exists, and this will also slip past file integrity checkers watching /etc/passwd and /etc/shadow since modifying these files is unnecessary if the "installer" password can be cracked.

Thanks,
- Colleen
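
A check for the condition this report describes, as an added example that is not part of the original message: it lists every UID-0 account other than root in a passwd-format file and reports whether its login shell is missing, executable or a symlink. The function names and the sample passwd data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original report).
# audit_uid0 PASSWD_FILE [ROOT_DIR]
# Prints one line per UID-0 account other than "root", with the state of its
# login shell resolved under ROOT_DIR (default: the live filesystem).
audit_uid0() {
    passwd_file=$1
    root_dir=${2:-}
    while IFS=: read -r name _pw uid _gid _gecos _home shell; do
        # Skip blank, comment and malformed lines, and every non-zero UID.
        [ "$uid" -eq 0 ] 2>/dev/null || continue
        if [ "$name" = root ]; then continue; fi
        target=$root_dir$shell
        if [ -L "$target" ]; then
            # A symlinked shell is what would make a dormant account usable.
            state="symlink to $(readlink "$target")"
        elif [ -x "$target" ]; then
            state="executable"
        elif [ -e "$target" ]; then
            state="present, not executable"
        else
            state="missing"
        fi
        printf '%s: uid 0, shell %s (%s)\n' "$name" "$shell" "$state"
    done < "$passwd_file"
    return 0
}

# Constructed sample modelled on the /etc/passwd line quoted in the report.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
installer:x:0:0:installer:/:/usr/sbin/base-config-network-console
EOF
}

# Demo: audit the sample against an empty scratch root, so the leftover
# account is reported with a missing shell.
demo() {
    scratch=$(mktemp -d)
    sample_passwd > "$scratch/passwd"
    audit_uid0 "$scratch/passwd" "$scratch"
    rm -rf "$scratch"
}
demo
```

On an installed system, `audit_uid0 /etc/passwd` with no second argument checks the live filesystem; any output at all means an account other than root holds UID 0.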

