Blank password works for root

Bill Beeman bbeeman at beemangroup.com
Fri Jan 9 06:02:49 UTC 2004


 -----Original Message-----
> From: fedora-list-admin at redhat.com
> [mailto:fedora-list-admin at redhat.com]On Behalf Of Frank Turscak
> Sent: Thursday, January 08, 2004 9:23 PM
> To: fedora-list at redhat.com
> Subject: Re: Blank password works for root
>
>
> Bill Beeman wrote:
>
> >"Bevan C. Bennett" <bevan at fulcrummicro.com> wrote in message
> >news:3FFE03D5.5030505 at fulcrummicro.com...
> >
> >>Bill Beeman wrote:
> >>
> >>>I just discovered that I can log into my FC1 box as root with either the
> >>>root password, or by simply leaving the password blank!
> >>>
> >>>Functions this way from a command line, or in a terminal within either
> >>>KDE or Gnome.
> >>
> >>What exactly are you doing to 'log in'?
> >>Is this with 'su' from an existing command line, from the system
> >>console, or with a remote access program like ssh, telnet or rlogin?
> >>
> >>If possible, see if the behavior is consistent between using su after
> >>logging in as a non-root user, logging in on console, or connecting with
> >>ssh?
> >>
> >>The first place I'd look in this case is in /etc/pam.d/
> >>See if there are any files named *.rpmnew and if so check out the
> >>differences between them and the originals. Look especially to see if
> >>anything has pam_rootok.so listed, and where.
> >
> >This is consistent, whether from console, existing command line, or ssh from
> >elsewhere, and works whether logging in as root, or by su from another user.  In
> >essence, no root security.
> >
> >I've run chkrootkit-0.43, which comes up clean.
> >
> >However, comparing /etc/pam.d/system-auth with system-auth.rpmnew, I noticed
> >the line
> >
> >auth       sufficient     /lib/security/$ISA/pam_unix.so likeauth nullok
> >
> >in both. Removing "likeauth nullok" seems to solve the problem, but leaves
> >the question of how it got that way.  System-auth notes that it will be
> >regenerated and user changes discarded when authconfig is run.  I'll play
> >with that a bit, but don't recall running that before.  Anyone have any ideas
> >what may have generated this?
> >
> >Bill
>
> Run "man sudoers".  Seems to me something in the file
> "/etc/sudoers" might have gone awry.
>
> Frank
>

In /etc/sudoers, the only uncommented line is:

root	ALL=(ALL)  ALL

which looks OK.  Running authconfig puts the "likeauth nullok" back into
system-auth, which recreates the problem.  Looks like I need to put more
time into the pam man pages.

Bill
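The check a practitioner would want at this point, as an added example that is not from the thread and not Fedora's authconfig code: a POSIX shell audit of the two halves of the problem described above. Of the two options Bill removed, only nullok is security-relevant; likeauth just makes pam_unix.so return the same result when called to set credentials as when authenticating. nullok tells pam_unix.so to accept an empty password, but only for an account whose shadow password field is itself empty, so the audit counts auth lines that carry nullok (or nullok_secure) and lists accounts with an empty shadow field, then produces a copy of the PAM file with nullok stripped from those auth lines, which is the manual fix from the thread (authconfig will overwrite it, as Bill notes). The PAM file, shadow file and temp-directory paths are constructed sample data, not from any real system.

```shell
#!/bin/sh
# Added example, not code from the thread or from Fedora's authconfig.
# Audits a PAM service file for "auth" lines that hand pam_unix.so the
# nullok option, lists shadow accounts whose password field is empty, and
# produces a copy of the PAM file with nullok removed from those auth lines.
# All file contents below are constructed samples.

# Print how many "auth" lines in the PAM file let pam_unix.so accept an
# empty password (nullok, or nullok_secure which restricts it to ttys in
# /etc/securetty).  Lines of other stacks (account, password, session) are
# not counted.
pam_nullok_lines() {
    awk '$1 == "auth" && /pam_unix\.so/ {
             for (i = 1; i <= NF; i++)
                 if ($i == "nullok" || $i == "nullok_secure") { n++; break }
         }
         END { print n + 0 }' "$1"
}

# Print the names of accounts whose shadow password field (field 2) is
# empty.  pam_unix only treats an empty password as valid for such accounts;
# a locked ("!!") or hashed field is unaffected by nullok.
shadow_empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Print the PAM file with nullok/nullok_secure stripped from auth pam_unix
# lines.  Other lines pass through untouched; edited lines are re-joined with
# single spaces, so column alignment on those lines is lost.
strip_nullok() {
    awk '$1 == "auth" && /pam_unix\.so/ {
             out = ""
             for (i = 1; i <= NF; i++)
                 if ($i != "nullok" && $i != "nullok_secure")
                     out = out (out == "" ? "" : " ") $i
             print out
             next
         }
         { print }' "$1"
}

# Combine the two checks.  Returns 1 when both conditions hold (an empty
# password would be accepted for the listed accounts), 0 otherwise, and
# prints a one-line verdict either way.
audit_pam_nullok() {
    pamfile=$1
    shadowfile=$2
    n=$(pam_nullok_lines "$pamfile")
    empties=$(shadow_empty_passwords "$shadowfile" | tr '\n' ' ')
    if [ "$n" -gt 0 ] && [ -n "$empties" ]; then
        echo "RISK: $n auth pam_unix line(s) with nullok in $pamfile; accounts with empty password: $empties"
        return 1
    fi
    echo "ok: nullok auth lines=$n, accounts with empty password: ${empties:-none}"
    return 0
}

# --- constructed sample data (hypothetical paths under a temp dir) ---------
AUDIT_DIR=$(mktemp -d)
trap 'rm -rf "$AUDIT_DIR"' EXIT
PAM="$AUDIT_DIR/system-auth"
SHADOW="$AUDIT_DIR/shadow"
PAM_FIXED="$AUDIT_DIR/system-auth.fixed"

cat > "$PAM" <<'EOF'
#%PAM-1.0
# constructed sample modelled on the line quoted in the thread
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so
account     required      /lib/security/$ISA/pam_unix.so
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
session     required      /lib/security/$ISA/pam_unix.so
EOF

# constructed shadow entries: root has an empty password field, bill has a
# fake hash, nobody is locked
cat > "$SHADOW" <<'EOF'
root::12400:0:99999:7:::
bill:$1$notareal$hashjustasamplevalue00:12400:0:99999:7:::
nobody:!!:12400:0:99999:7:::
EOF

audit_pam_nullok "$PAM" "$SHADOW" || echo "-> remove nullok from the auth line or set a password on the empty accounts"
strip_nullok "$PAM" > "$PAM_FIXED"
audit_pam_nullok "$PAM_FIXED" "$SHADOW"
```

Run against a real box as root with the actual /etc/pam.d/system-auth and /etc/shadow in place of the sample files. If a blank password is accepted for root while root's shadow field holds a hash, nullok is not what is letting it through and the rest of the stack (the pam_rootok.so placement Bevan mentions, and every other auth line marked sufficient) is the next thing to read.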
