Re: root access on bootup when core-files not found?
Just answered the question myself: The system entered single user mode and
that cleary IS wanted behaviour...
Sorry for bothering,
Simon
Simon Campese wrote:
> Hello,
>
> I recently set up a fresh, fully luks-encrypted debian machine (testing
> release) with a typo in my crypttab (for a system critical partition)
> using the lenny RC2 installer.
> After a reboot, the system tries to open the mistyped partition to be
> mounted on the critical path (in this case /var) but doesn't succeed. It
> then tries to su a maintenance shell (which it can't, as I disabled root
> logins), prints an error message (similar to "su failed, root login
> disabled") and then nevertheles drops to a root shell (without me entering
> a password).
>
> As I am quite new to Debian, this might be wanted behaviour but common
> sense tells me otherwise. I had root access to all mounted partitions so
> far without authenticating.
>
> I currently don't have time to investigate further but nevertheless
> thought that this could be of interest. By my understanding this behaviour
> should be reproduceable without using luks (by just deliberately placing
> an invalid "critical"-mountpoint into fstab or even by deleting a
> "critical" system directory and then trying to boot, both with disabled
> root-logins).
>
>
> Apologies for this incomplete posting,
>
> Simon
>
>
> --
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>
Reply to: