From nobody@FreeBSD.org  Wed Jul 24 20:18:40 2002
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1BE0E37B400
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 24 Jul 2002 20:18:40 -0700 (PDT)
Received: from www.freebsd.org (www.FreeBSD.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CF56E43E42
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 24 Jul 2002 20:18:39 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.4/8.12.4) with ESMTP id g6P3IdOT050318
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 24 Jul 2002 20:18:39 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.4/8.12.4/Submit) id g6P3Id43050317;
	Wed, 24 Jul 2002 20:18:39 -0700 (PDT)
Message-Id: <200207250318.g6P3Id43050317@www.freebsd.org>
Date: Wed, 24 Jul 2002 20:18:39 -0700 (PDT)
From: Marcos Galindo <galindo@cable.net.co>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Random root access to non-root users from remote ssh shell
X-Send-Pr-Version: www-1.0

>Number:         40965
>Category:       i386
>Synopsis:       Random root access to non-root users from remote ssh shell
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    ceri
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 24 20:20:03 PDT 2002
>Closed-Date:    Sun Jun 08 11:03:25 PDT 2003
>Last-Modified:  Sun Jun 08 11:03:25 PDT 2003
>Originator:     Marcos Galindo
>Release:        4.6 release
>Organization:
Isec Ltd
>Environment:
4.6-RELEASE #0: Tue Jun 11 06:14:12 GMT2002 murray@builder freebsdmall.com :/usr/src/sys/compile/GENERIC i386      
>Description:
System runs an API on Postgresql 7.2 to control a small business. Users login remotely from freebsd, linux and windows machines via ssh. Remote root login is not allowed. Randomly, however, current users, using their usual login names and passwords, find they have logged-in as root. It usually happens a couple of times a day. The system is loaded with around 25 users. Any hint to look after ? Other than that, system runs perfectly and cleanly. Sorry for the release #0, I downloaded it from your ftp site. I expect to purchase a brand new  set next month during a trip to the US. I did, however, purchase two full 4.2 releases with Greg's books a couple of years ago which I did not really get to use.  I have currently been using linux. I tried 4.2 4.4 and 4.5 releases. 4.2 did not allow me to go beyond the initial installation steps. It found a 2gb hard disk too big. With 4.4 I could not get the Xwindow to work. With 4.5, burncd decided not to go. 4.6 has been very easy to instal
 l and burncd works nicelly for the backups. Everything runs as promissed. 
>How-To-Repeat:
      
>Fix:
      
>Release-Note:
>Audit-Trail:

From: David Malone <dwmalone@maths.tcd.ie>
To: Marcos Galindo <galindo@cable.net.co>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: i386/40965: Random root access to non-root users from remote ssh shell
Date: Mon, 29 Jul 2002 10:56:08 +0100

 On Wed, Jul 24, 2002 at 08:18:39PM -0700, Marcos Galindo wrote:
 > System runs an API on Postgresql 7.2 to control a small business.
 > Users login remotely from freebsd, linux and windows machines via
 > ssh. Remote root login is not allowed. Randomly, however, current
 > users, using their usual login names and passwords, find they have
 > logged-in as root.
 
 Are they actually logged in as root or is it just that their prompt
 is getting set to something ending with a "#"? Can you send the
 output of the "id" command for a user who finds themselves in this
 situation?
 
 	David.
State-Changed-From-To: open->feedback 
State-Changed-By: dwmalone 
State-Changed-When: Thu Aug 8 02:49:05 PDT 2002 
State-Changed-Why:  
Waiting for feedback on this one. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=40965 
State-Changed-From-To: feedback->closed 
State-Changed-By: ceri 
State-Changed-When: Sun Jun 8 11:03:23 PDT 2003 
State-Changed-Why:  
Feedback timeout (6 months or more). 
I will handle any feedback that this closure generates. 


Responsible-Changed-From-To: freebsd-bugs->ceri 
Responsible-Changed-By: ceri 
Responsible-Changed-When: Sun Jun 8 11:03:23 PDT 2003 
Responsible-Changed-Why:  
Feedback timeout (6 months or more). 
I will handle any feedback that this closure generates. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=40965 
>Unformatted:
