Able to log in root without password - bug? - Minix


Thread: Able to log in root without password - bug?

  1. Able to log in root without password - bug?

    Dear all,

    I found that I can log in to Minix (running on VMWare Player) using the
    root account without typing the administrator password.

    Steps to reproduce:

    - Trigger fchk, for example using this procedure:
    - "echo xxx > test.txt"
    - Hard reset the system (that is, not using shutdown/reboot)

    - Use CTRL-C when fchk is run

    - Enter "root" at the prompt

    - The system will tell you "getty: can't exec /usr/bin/login" and will
    not ask for a password

    This results in a (somewhat crippled) shell with root permissions. Not
    all of the disk sections are properly mounted, but you can do this
    manually:

    - "mount /dev/c0d0p0s1 /home"
    - "mount /dev/c0d0p0s2 /usr"

    This way you get a nearly fully functional shell with root permissions
    without having to type the password once.


    I looked at the error message in the source code and found it in the
    "do_login" function in "commands/simple/getty.c". The interesting thing is
    that there's a comment here which says the situation cannot happen:


    Failed to exec login. Impossible, but true. Try a shell, but only if
    the terminal is more or less secure, because it will be a root shell.


    I think the code after this comment should probably be replaced by
    something that causes a panic rather than allow root access.

    With kind regards,
    Erik van der Kouwe

  2. Re: Able to log in root without password - bug?

    Erik van der Kouwe wrote:
    [...]
    > I think the code after this comment should probably be replaced by
    > something that causes a panic rather than allow root access.


    Remember that traditional unix systems rarely allowed console access to casual
    users --- the console was hidden away in a locked machine room somewhere and
    people actually accessed terminals (which aren't active in single-user mode).
    These days, modern unices tend to prompt for the root password before entering
    single-user mode, but that doesn't help you much. If you have physical access
    to the machine, you can always bypass any passwords by tinkering with the
    hardware --- for example, booting from a Minix livecd.

    --
    ╭─┈David Given┈──McQ─╮ "There are two major products that come out of
    │┈┈dg@cowlark.com┈┈┈┈│ Berkeley: LSD and Unix. We don't believe this to be
    │┈(dg@tao-group.com)┈│ a coincidence." --- Jeremy S. Anderson
    ╰─┈www.cowlark.com┈──╯

  3. Re: Able to log in root without password - bug?

    > > I think the code after this comment should probably be replaced by
    > > something that causes a panic rather than allow root access.

    >
    > Remember that traditional unix systems rarely allowed console access
    > to casual users --- the console was hidden away in a locked machine
    > room somewhere and people actually accessed terminals (which aren't
    > active in single-user mode). These days, modern unices tend to
    > prompt for the root password before entering single-user mode, but
    > that doesn't help you much. If you have physical access to the
    > machine, you can always bypass any passwords by tinkering with the
    > hardware --- for example, booting from a Minix livecd.


    It's true that if you have physical access you can always get into the
    machine, but this does definitely make it much easier.

    Take, for example, the case that the Minix machines are used at a
    university. In this case people have physical access to the machines
    and can perform all of the steps I described. Booting from a Live CD is
    most likely blocked in the BIOS settings, which is typically password
    protected.

    Even in this case you can break into the system in another way, but
    probably only by screwing open the case to, for example, reset the BIOS
    settings. The steps I described allow one to break in without opening
    the computer.

  4. Re: Able to log in root without password - bug?

    Erik van der Kouwe wrote:
    [...]
    > Even in this case you can break into the system in another way, but
    > probably only by screwing open the case to, for example, reset the BIOS
    > settings. The steps I described allow one to break in without opening
    > the computer.


    Or, you could hit ESC during the boot process and play with the boot loader
    settings.

    Locking down machines if you have physical access is *really* hard. (I've
    broken into machines by unplugging the network and persuading them that I was
    a trusted server.) It's usually simply not worth the bother.

    --
    ╭─┈David Given┈──McQ─╮ "There are two major products that come out of
    │┈┈dg@cowlark.com┈┈┈┈│ Berkeley: LSD and Unix. We don't believe this to be
    │┈(dg@tao-group.com)┈│ a coincidence." --- Jeremy S. Anderson
    ╰─┈www.cowlark.com┈──╯

  5. Re: Able to log in root without password - bug?


    Markus E Leypold writes:



    Sorry -- Markus


  6. Re: Able to log in root without password - bug?



    David Given writes:

    > Erik van der Kouwe wrote:
    > [...]
    >> Even in this case you can break into the system in another way, but
    >> probably only by screwing open the case to, for example, reset the BIOS
    >> settings. The steps I described allow one to break in without opening
    >> the computer.

    >
    > Or, you could hit ESC during the boot process and play with the boot loader
    > settings.
    >
    > Locking down machines if you have physical access is *really* hard. (I've
    > broken into machines by unplugging the network and persuading them that I was
    > a trusted server.) It's usually simply not worth the bother.



    Well -- I'm not totally convinced here. My first gut reaction to the
    OP was, too, to invoke the "if you have physical access then the
    battle is lost anyway".

    But then I began to think: Having access to the PC case (which might
    be secured by some alarm mechanisms against opening) is not the same as
    having access to a boot drive (i.e. floppy) which might be secured by
    some physical lock. Having access to some terminal or even the boot
    console is not the same as having physical access to the machine. All
    that doesn't apply especially to Minix and is perhaps far from its
    actual scenarios of usage, but one might lock away the machine in the
    next room or a physically secured compartment/cabinet/rack and only
    leave screen and keyboard (or an X-terminal or a serial terminal)
    outside. So I'm not happy that Minix would give a shell without
    requiring a root password. If it wouldn't, in the scenario given, even
    without a bios password, the user would be able to ruin the machine
    (by putting funny things into the bios config) but he wouldn't be able
    to get access to the data nor would he be able to trojan the machine
    to get other people's passwords.

    So I think there is a difference between physical access and access to
    the boot console.

    Regards -- Markus


  7. Re: Able to log in root without password - bug?

    In article ,
    Markus E Leypold
    wrote:
    >But then I began to think: Having access to the PC case (which might
    >be secured by some alarm mechanisms against opening) is not the same as
    >having access to a boot drive (i.e. floppy) which might be secured by
    >some physical lock. Having access to some terminal or even the boot
    >console is not the same as having physical access to the machine.


    This sounds more like a nice student project than anything else.

    If you don't want users doing bad things, it is much better to restrict
    access to the machine to just access over the network, or over a serial
    port.

    But I doubt any patches will be rejected if somebody fixes this problem
    completely, and in a clean way. There are a number of places where you
    can get a root shell.


    --
    That was it. Done. The faulty Monk was turned out into the desert where it
    could believe what it liked, including the idea that it had been hard done
    by. It was allowed to keep its horse, since horses were so cheap to make.
    -- Douglas Adams in Dirk Gently's Holistic Detective Agency

  8. Re: Able to log in root without password - bug?

    Philip Homburg wrote:



    > But I doubt any patches will be rejected if somebody fixes this problem
    > completely, and in a clean way. There are a number of places where you
    > can get a root shell.


    Freely quoting Kees J Bot:
    "I expect any CS student to be able to get root access on any of our lab
    machines. You just cannot do very much with it that I don't want you to
    do."

    --
    Jens de Smit
    Student Computer Science | Vrije Universiteit Amsterdam
    jfdsmit@few.vu.nl | http://www.few.vu.nl/~jfdsmit

  9. Re: Able to log in root without password - bug?


    philip@ue.aioy.eu (Philip Homburg) writes:

    > In article ,
    > Markus E Leypold
    > wrote:
    >>But then I began to think: Having access to the PC case (which might
    >>be secured by some alarm mechanisms against opening) is not the same as
    >>having access to a boot drive (i.e. floppy) which might be secured by
    >>some physical lock. Having access to some terminal or even the boot
    >>console is not the same as having physical access to the machine.

    >
    > This sounds more like a nice student project than anything else.


    I'm not sure what you mean by that or where there is / would be a
    project ...

    Whatever ...

    > If you don't want users doing bad things, it is much better to restrict
    > access to the machine to just access over the network, or over a serial
    > port.


    I agree that this would be the more pragmatic approach. I wouldn't say
    "better", since "better" depends on the circumstances. My contribution
    to this thread only had the purpose to point out that "physical access
    to the machine" is not quite the same as "physical access to keyboard
    and screen". In most situations (i.e. the "students in computer lab"
    scenario) the difference is only theoretical and one can safely lump
    both cases into one.

    But I can give at least one situation where the difference matters:
    Using Minix as a point of sale terminal (kiosk) / theater ticket /
    ticket vending machine: Here it would be uneconomical to add an extra
    serial terminal. Instead the keyboard and screen of the PC in that
    vending machine would be used, but therefore must not be trusted.

    In case anyone doubts that there are ticket vending machines that are
    built like that: The vending machines of the "Deutsche Bahn" just have
    a (AFAIK standard) laptop inside with a detached display. Sometimes
    (seldom) you could see a blue screen from NT4 :-).

    > But I doubt any patches will be rejected if somebody fixes this problem
    > completely, and in a clean way.


    Well -- whether this is a problem depends on the circumstances, as I
    tried to explain.


    > There are a number of places where you can get a root shell.


    I know :-).

    But again: Getting a root shell without logging in is a bit different
    from getting one after login. The first can be obtained by everyone
    passing through the room (like, i.e. the cleaning people ...), the
    other by only a possibly more restricted set of people.

    Regards -- Markus

  10. Re: Able to log in root without password - bug?

    In article ,
    Smit de JF wrote:
    >Philip Homburg wrote:
    >
    >
    >
    >> But I doubt any patches will be rejected if somebody fixes this problem
    >> completely, and in a clean way. There are a number of places where you
    >> can get a root shell.

    >
    >Freely quoting Kees J Bot:
    >"I expect any CS student to be able to get root access on any of our lab
    >machines. You just cannot do very much with it that I don't want you to
    >do."


    I must have been much smarter then, because I don't know what I meant by
    that now. Anyway, during the days when I was smart, I thought up
    something like this:

    Implement a password variable in the boot monitor. One types
    'password=xyzzy' and saves it, and if ESC is typed the next time then
    that password must be typed in to get to the monitor prompt.

    The password is passed to Minix as 'password=*' on a normal boot, or
    removed if it has been typed in. (Don't want 'sysenv' to show it.)

    The boot path keys on the existence of the password variable to lock up
    on a problem with an appropriate message, otherwise you get a root shell
    as before. (People tend to muck things up, so you want to give them a
    chance to fix it. For Minix, mucking things up is expected.)

    Of course, once I had a solution, the problem was no longer interesting
    enough to actually bother to write any code for.
    --
    Kees J. Bot, Systems Programmer, Sciences dept., Vrije Universiteit Amsterdam
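
The boot-monitor proposal in this post, combined with the original poster's point that a failed exec of login should not hand out a root shell, sketched as an added example (this is not Minix source and not code from any poster). The function names, the enum and the "name=value" environment layout are assumptions; the `password` variable and the secure-terminal condition come from the thread.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum fallback { FB_ROOT_SHELL, FB_LOCK_UP };

/* Return 1 if the boot environment (a NULL-terminated "name=value" list;
 * assumed layout) defines a variable with exactly this name. */
static int bootenv_has(const char *const *env, const char *name)
{
    size_t n = strlen(name);
    for (; env && *env; env++)
        if (strncmp(*env, name, n) == 0 && (*env)[n] == '=')
            return 1;
    return 0;
}

/* Policy from the thread: if a monitor password is set ("password=*" is
 * passed on a normal boot), a boot-path failure must lock up. Without one,
 * keep the repair shell, but only on a terminal considered secure. */
enum fallback fallback_policy(const char *const *env, int tty_secure)
{
    if (bootenv_has(env, "password"))
        return FB_LOCK_UP;
    return tty_secure ? FB_ROOT_SHELL : FB_LOCK_UP;
}

/* Hypothetical replacement for the code after the failed exec of login. */
void login_exec_failed(const char *const *env, int tty_secure)
{
    if (fallback_policy(env, tty_secure) == FB_LOCK_UP) {
        fprintf(stderr, "getty: can't exec login; console locked\n");
        for (;;)
            pause();                 /* fail closed: never start a shell */
    }
    fprintf(stderr, "getty: can't exec login; starting repair shell\n");
    execl("/bin/sh", "sh", (char *)NULL);
    _exit(1);
}

int main(void)
{
    /* Constructed sample boot environments. */
    const char *const locked[] = { "rootdev=c0d0p0s0", "password=*", NULL };
    const char *const open_[]  = { "rootdev=c0d0p0s0", NULL };
    printf("password set:   %s\n",
           fallback_policy(locked, 1) == FB_LOCK_UP ? "lock up" : "shell");
    printf("no password:    %s\n",
           fallback_policy(open_, 1) == FB_LOCK_UP ? "lock up" : "shell");
    return 0;
}
```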

  11. Re: Able to log in root without password - bug?

    On Tue, 05 Dec 2006 12:13:01 +0000, David Given wrote:

    > There are two major products that come out of
    > Berkeley: LSD and Unix.


    Would be funnier if either of them had actually come from Berkeley....
