On 2016-02-20, [email protected] <[email protected]> wrote:
> Some minutes ago I had an energy blackout here in my city. I was running
> OpenBSD.
> When I booted after energy came back, the system did the usual fsck.
> But this time something went wrong and he just escaped to root, without
> asking for any passphrase.
> The system did a question like "point the path to sh", and I just typed
> "/bin/sh" and he gained access to root.
> I think this is a serious security problem folks. I have softraid_crypto, so
> no problem for me, but one could (probably) induce this failure to access
> root when no FDE configured and he has physical access (or remote, who knows
> with all these Intel AMT microcodes).

http://www.openbsd.org/faq/faq8.html#LostPW

Read to the bottom of the question ("wait, that looked too easy"). We should add something about FDE to that question though.

