* Joco Salvatti <[EMAIL PROTECTED]> [2006-06-21 11:38]:
> My doubts may seem fool, so thanks in advance for those who will read
> this e-mail and may help me with my doubts.
>
> 1. Why doesn't passwd ask superuser's current password when it's run
> by the superuser to change its own password? May not it be considered
> a serious security flaw?

No. You're already root. You can also do:

    vipw

    cat /etc/master.passwd | sed s/root:.+:/root::/ > /tmp/shit && mv /tmp/shit /etc/master.passwd && pwd_mkdb

etc. etc. etc.

>
> 2. Why doesn't the system ask the password, as a default action, to
> log in the system, when entering in single user mode? May not it also
> be considered a serious security flaw? And why doesn't exist a
> different password to log in single user mode, instead of using root's
> password?
>

No, because if you have single user mode you have physical access to
the machine. If I have physical access to the machine I can plug in
the USB key around my neck, boot the system on it instead, mount your
disk and do the above from case one.

> A real example:
>
> Let's suppose an attacker entered the room where an OpenBSD server is
> located in, and by mistake the system administrator has forgotten to
> logout the root login session. So the attacker could enter in single
> user mode, without the need for the root password, and load a
> malicious kernel module. He also could do millions of other things,
> but changing root's password, because the system administrator would
> notice it immediately.
> I believe it could be more difficult for the attacker if there were a
> different password to log in the system in single user mode.

No, because even if you didn't forget to log out, read the above. If I
have physical access to your machine, you are fucked. It's that
simple. I don't need to have you logged in as root to get single user -
I simply hit the power button, and boot single user, or boot up the
USB key/cdrom/floppy/zaurus-set-up-as-a-boot-server-in-me-pocket that
is in my pocket, which I already have root and all the malicious shit
I want on it and can copy on to your disk. And face it, your machine's
BIOS is *not* OpenBSD and is *not* secure. Period.

IMNSHO, a root password for single user makes the system *LESS*
secure, and I'm dead serious.
I would object to any attempt to commit changes to OpenBSD to have one
by default. Why? Real simple: *because you asked this question*. - Now
I'm not just crapping on you, every new sysadmin I know asks this. The
point is, if OpenBSD put a root password on single user, you might be
tempted to think that somehow, someway, a not-physically secured
machine was secure, and be tempted to deploy it that way. And don't
laugh, I've seen the assumption made (I work at a university).

My point is that putting "security" measures in place that do not do
anything because of equivalent access makes people believe that they
*do* do something, and therefore people make incorrect assumptions and
do things insecurely.

"Physical access is everything highness. Anyone who says differently
is selling something."

-Bob