Re: Weird and insecure su problem

To: debian-user@lists.debian.org
Subject: Re: Weird and insecure su problem
From: Glyn Kennington <glyn.kennington@hertford.oxford.ac.uk>
Date: Fri, 15 Nov 2002 01:05:11 +0000
Message-id: <[🔎] 20021115010459.GC3234@corrosive.hertford.ox.ac.uk>
In-reply-to: <[🔎] ki08tuofsan8qglmrerkgq1hpkradek63p@4ax.com>
References: <[🔎] ki08tuofsan8qglmrerkgq1hpkradek63p@4ax.com>

Pigeon wrote:
> If, however, I enter _no_ password, I get:
> : command not found
> ' is not an octal number from 000 to 777
> : command not found
> : command not found
> 
> and a somewhat mangled prompt; then
> whoami
> root
> 
> - so I've su'ed to root without entering a password. WHAT?
> 
> Wondering about the mangled prompt, I did echo $PS1 | hexdump and got:
> 
> 68 5c 5c 3a 5c 77 20 24 0a 0d
>                         ^^^^^

Eek!  Sounds messy.  A few things to try:

fsck.  There could well be a mangled file there, especially when you shut
the system down without the normal shared libraries.  And the `not an octal
number' error suggest broken permissions somewhere.

Log in as root under X with [xwkg]dm - if traditional login is working, but
su is broken, see what else might be affected.

Check that /etc/passwd and /etc/shadow match the descriptions in `man
passwd` and `man shadow` respectively.  But *DON'T* send them here for a
second opinion.  You'll have to use the available information, or google for
example files, to judge for yourself if the format seems right.

Glyn

-- 
When I talk, you will talk.
When you talk, it will fall back into place.

Reply to:

Follow-Ups:
- Re: Weird and insecure su problem: FIXED
  - From: Pigeon <jah.pigeon@ukonline.co.uk>

References:
- Weird and insecure su problem
  - From: Pigeon <jah.pigeon@ukonline.co.uk>

Prev by Date: Re: Mozilla icon in titlebar
Next by Date: Re: Fixed libstdc++2.10-glibc2.2 package
Previous by thread: Weird and insecure su problem
Next by thread: Re: Weird and insecure su problem: FIXED
Index(es):
- Date
- Thread