From nobody  Sat Oct 10 17:38:08 1998
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA21419;
          Sat, 10 Oct 1998 17:38:08 -0700 (PDT)
          (envelope-from nobody)
Message-Id: <199810110038.RAA21419@hub.freebsd.org>
Date: Sat, 10 Oct 1998 17:38:08 -0700 (PDT)
From: bs@eunet.ch
To: freebsd-gnats-submit@freebsd.org
Subject: upgrade security breach
X-Send-Pr-Version: www-1.0

>Number:         8260
>Category:       misc
>Synopsis:       upgrade security breach
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 10 17:40:00 PDT 1998
>Closed-Date:    Sun Oct 11 07:30:15 PDT 1998
>Last-Modified:  Sun Oct 11 07:40:00 PDT 1998
>Originator:     Bernard Steiner
>Release:        3.0-19981010-BETA
>Organization:
>Environment:
FreeBSD grimma.anydomain.de 3.0-19980830-SNAP FreeBSD 3.0-19980830-SNAP #9: Tue Oct  6 19:11:34 CEST 1998     root@:/usr/src/sys/compile/GRIMMA  i386

>Description:
During an upgrade, it appears that the old password file gets temporarily
nuked by a password file that contains an empty root password.
There is no flashing sign mentioning this.

>How-To-Repeat:
Call upgrade from sysinstall
>Fix:
Put a *** SECURITY WARNING *** with appropriate kind words that it
may be a good idea to disable inetd and friends between the
upgrade-commit button and the actual upgrade.
This is a non-issue for installs running single user mode.

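One check an administrator might run right after such an upgrade, as an added example that is not part of this PR or of sysinstall: it scans a file in FreeBSD master.passwd format and reports every account whose password field is empty, counting uid-0 entries separately. The sample entries are constructed, and the hash on the `bs` line is a placeholder.

```shell
#!/bin/sh
# Added example, not code from the PR or from sysinstall: find accounts whose
# password field is empty in a master.passwd-format file.
#
# master.passwd field layout (colon separated):
#   name:password:uid:gid:class:change:expire:gecos:home:shell
# An empty field 2 means no password is required at all; "*" is a locked
# account and anything else is a hash.

# Constructed sample file (the root entry is the situation the PR describes).
SAMPLE_PASSWD=$(mktemp)
trap 'rm -f "$SAMPLE_PASSWD"' EXIT
cat > "$SAMPLE_PASSWD" <<'EOF'
root::0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
operator::2:5::0:0:System &:/:/sbin/nologin
bs:$1$placeholder$notarealhashnotarealhash:1001:1001::0:0:Bernard Steiner:/home/bs:/bin/sh
EOF

# empty_password_accounts FILE
# Prints a comma-separated list of account names whose password field is
# empty; comment lines and malformed short lines are skipped.
empty_password_accounts() {
    awk -F: '$0 !~ /^#/ && NF >= 3 && $2 == "" { printf "%s%s", sep, $1; sep = "," }
             END { print "" }' "$1"
}

# passwordless_root_count FILE
# Prints how many uid-0 entries have an empty password field. Anything above
# zero means a root login needs no password for as long as this file is live.
passwordless_root_count() {
    awk -F: '$0 !~ /^#/ && NF >= 3 && $2 == "" && $3 == 0 { n++ }
             END { print n + 0 }' "$1"
}

printf 'accounts with empty password: %s\n' "$(empty_password_accounts "$SAMPLE_PASSWD")"
printf 'passwordless uid-0 entries:   %s\n' "$(passwordless_root_count "$SAMPLE_PASSWD")"
```

Pointing the two functions at /etc/master.passwd on the upgraded machine (they only read the file) gives the same report for the live system.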
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: des 
State-Changed-When: Sun Oct 11 07:30:15 PDT 1998 
State-Changed-Why:  
Pilot error. 

From: dag-erli@ifi.uio.no (Dag-Erling C. Smørgrav)
To: bs@eunet.ch
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: misc/8260: upgrade security breach
Date: 11 Oct 1998 16:30:03 +0200

 bs@eunet.ch writes:
 > Put a *** SECURITY WARNING *** with appropriate kind words that it
 > may be a good idea to disable inetd and friends between the
 > upgrade-commit button and the actual upgrade.
 > This is a non-issue for installs running single user mode.
 
 I, uh, don't know what to say, except maybe that if you think
 sysinstall's upgrade option was ever meant to work in multi-user mode,
 you are completely off your rocker. No offense.
 
 DES
 -- 
 Dag-Erling Smørgrav - dag-erli@ifi.uio.no
>Unformatted:
