From nobody@FreeBSD.org  Wed Sep 21 14:29:02 2005
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 19B5616A41F
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 21 Sep 2005 14:29:02 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CAD8C43D46
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 21 Sep 2005 14:29:01 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id j8LET1O9021952
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 21 Sep 2005 14:29:01 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id j8LET1SB021914;
	Wed, 21 Sep 2005 14:29:01 GMT
	(envelope-from nobody)
Message-Id: <200509211429.j8LET1SB021914@www.freebsd.org>
Date: Wed, 21 Sep 2005 14:29:01 GMT
From: hady el-sayed <leo411man@yahoo.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: full access to machine 
X-Send-Pr-Version: www-2.3

>Number:         86415
>Category:       i386
>Synopsis:       full access to machine
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-i386
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 21 14:30:25 GMT 2005
>Closed-Date:    Sat Oct 01 10:28:35 GMT 2005
>Last-Modified:  Sat Oct 01 10:28:35 GMT 2005
>Originator:     hady el-sayed
>Release:        FreeBSD 5.4
>Organization:
>Environment:
>Description:
when i delet the freebsd boot manger and use the power qwest boot manger to boot freebsd i have root access without password request and have full control on machine as root     
>How-To-Repeat:
      
>Fix:
      
>Release-Note:
>Audit-Trail:

From: Nate Eldredge <nge@cs.hmc.edu>
To: bug-followup@FreeBSD.org, leo411man@yahoo.com
Cc:  
Subject: Re: i386/86415: full access to machine
Date: Fri, 30 Sep 2005 00:08:39 -0700 (PDT)

 This isn't a bug.  If you control the boot process there are any number of 
 ways to get at the operating system without a password.  This is a 
 feature: how else would you get back into the machine if you lost the root 
 password?  The simplest, documented way to do it without any special 
 software is just to enter "boot -s" at the loader prompt.
 
 Maintainers, you may want to close this.
 
 -- 
 Nate Eldredge
 nge@cs.hmc.edu

From: =?ISO-8859-1?Q?Bj=F6rn_K=F6nig?= <bkoenig@cs.tu-berlin.de>
To: bug-followup@FreeBSD.org,  leo411man@yahoo.com
Cc:  
Subject: Re: i386/86415: full access to machine
Date: Fri, 30 Sep 2005 14:25:45 +0200

 Fix:
      Lock your server cabinet.
State-Changed-From-To: open->closed 
State-Changed-By: vs 
State-Changed-When: Sat Oct 1 10:27:34 GMT 2005 
State-Changed-Why:  
Nate explained this quite well, I'll just add an 
"Works as advertised". Please get back to us, preferably on 
the mailing lists, if you need further advice! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=86415 
>Unformatted:
