base system on boot floppies 2.2.3 broken
hi,
the other day i used the new boot floppies labeled 2.2.3 on the ftp
site and found when i installed the system the permissions were all
screwed up, today a post from debian-user with the same problem:
I am not sure which package the base system falls under I would guess
boot-floppies? I have not yet filed a bug report...
[ quoting post from debian-user ]
On 30/12/99 matt garman wrote:
I just installed potato via the floppy+ftp method.
For some odd reason, I cannot "su" to root as a normal user, it
always says I have the wrong password. But I can switch to a
different virtual terminal and login as root with the same password,
no problem.
Also, as a user I tried to change my shell with "chsh" and when
it behaves the same as su, i.e. it always says wrong password for
my username. I can login with this password just fine, though.
I tried both commands several times slowly, so I cannot be typing
two different passwords incorrectly.
I just reinstalled a potato system 3 days ago using the 2.2.3 potato
boot floppies and the base system was installed with massively wrong
permissions:
1) there were NO suid/sgid binaries, including chsh, chfn, login,
passwd, su et al this means ONLY root may login to the virtual
consoles, any other uids will fail. this also means su chsh, chfn et
al will not work. nothing pam related will work since
/sbin/unix_chkpwd is not suid.
2) any file or directory that has a symlink associated with it has
permissions of 777 this includes much of the libc, /sbin/init
/usr/sbin/adduser, and many many many more. also most of
/usr/share/doc had mode 777.
3) most of /dev/* has wrong owners/permissions, i just rm -rf ed it
and grabbed a properly extracted version from base2_2.tgz
unfortunately i did not notice this massive mess till after i
installed the rest of the system so i had to do many finds (for all
the mode 777 stuff) and general looking around to fix the huge
security hole, for the suid/sgid i extracted a copy of the base
system into a temporary directory with tar -zxvpf and did finds for
all suid/sgid and set the modes manually (there are not to many in
the base system) I also has to take the /dev/ directory from manually
extracted base and replace the screwed up version that i had. i also
used the base as a reference for what the right permissions were for
the 777 stuff as well as owners/groups.
At 20:21 -0600 30/12/99, matt garman wrote:
Yup, what you described is exactly what happened on my system. Gives
new meaning to "unstable," eh?
--
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Reply to: