[Bug 718731] New: Root password does not work - you can enter everything
https://bugzilla.novell.com/show_bug.cgi?id=718731 https://bugzilla.novell.com/show_bug.cgi?id=718731#c0 Summary: Root password does not work - you can enter everything Classification: openSUSE Product: openSUSE 11.4 Version: Final Platform: Other OS/Version: openSUSE 11.4 Status: NEW Severity: Critical Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: f.thiessen@gmx.de QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:6.0.2) Gecko/20100101 Firefox/6.0.2 I have installed 11.4 today and updated everything. Now I discovered, if any program like yast ask for the root password, I can enter everything and it works. So there is no security! One more information: I use two passwords, one for the user one for the root (so I configured that while the installation -> disabled the function "use password also for root" and entered an other password for the root). Reproducible: Always Steps to Reproduce: 1.Open a program which need the root password 2.enter any string 3.get access Actual Results: I can enter every combination of number, letters and special character to get root access. Expected Results: Only the correct root password should work! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=718731
https://bugzilla.novell.com/show_bug.cgi?id=718731#c1
--- Comment #1 from Ferdinand Thiessen
https://bugzilla.novell.com/show_bug.cgi?id=718731
https://bugzilla.novell.com/show_bug.cgi?id=718731#c
zj jia
https://bugzilla.novell.com/show_bug.cgi?id=718731
https://bugzilla.novell.com/show_bug.cgi?id=718731#c
Thorsten Kukuk
https://bugzilla.novell.com/show_bug.cgi?id=718731
https://bugzilla.novell.com/show_bug.cgi?id=718731#c
zj jia
https://bugzilla.novell.com/show_bug.cgi?id=718731
https://bugzilla.novell.com/show_bug.cgi?id=718731#c2
Michael Calmer
Now I discovered, if any program like yast ask for the root password, I can enter everything and it works.
You are logged-in as a normal user and now you start a yast module. You get the UI of gnome-su or kdesu (which one?) which ask you for the root pasword. If you enter anything, yast is started. Is this correct, or do you mean something different? Please provide /var/log/messages .
One thing more: If I am logged in as root and entered passwd into terminal (to change root password), I got this: linux-4zng:~ # passwd Changing password for root. passwd: Permission denied
Please attach the following files: * /etc/pam.d/passwd * /etc/pam.d/common-auth * /etc/pam.d/common-account * /etc/pam.d/common-passwd * /etc/pam.d/common-session The common-* files may be symlinks to common-*-pc files. Please tell me, if this is the case on your system. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=718731
https://bugzilla.novell.com/show_bug.cgi?id=718731#c3
--- Comment #3 from Ferdinand Thiessen
You are logged-in as a normal user and now you start a yast module. You get the UI of gnome-su or kdesu (which one?) which ask you for the root pasword. If you enter anything, yast is started.
Is this correct, or do you mean something different?
1. I use always KDE so kdesu. 2. Yes, you are right.
Please attach the following files:
* /etc/pam.d/passwd * /etc/pam.d/common-auth * /etc/pam.d/common-account * /etc/pam.d/common-passwd * /etc/pam.d/common-session
The common-* files may be symlinks to common-*-pc files. Please tell me, if this is the case on your system.
I have to check this, but I can not do that no (reinstalled openSUSE 11.3) but I can install openSUSE 11.4 again. BR, Ferdinand -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=718731
https://bugzilla.novell.com/show_bug.cgi?id=718731#c4
Michael Calmer
https://bugzilla.novell.com/show_bug.cgi?id=718731
https://bugzilla.novell.com/show_bug.cgi?id=718731#c5
--- Comment #5 from Ferdinand Thiessen
participants (1)
-
bugzilla_noreply@novell.com