>Number:         3155
>Category:       bin
>Synopsis:       init(8) may lock you out of single-user mode
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jan 29 00:20:00 1997
>Last-Modified:
>Originator:     Klaus Klein
>Organization:
private site
>Release:        970128
>Environment:
[mi]

>Description:
init(8) will effectively lock you of single-user mode if the console is
set 'insecure' AND root's password field is empty.

>How-To-Repeat:
In /etc/ttys, set the console 'insecure', give root an "empty" password.
After that, shut your system down and try to get a single-user mode shell.

>Fix:

RCS file: /cvsroot/netbsd/src/sbin/init/init.c,v
retrieving revision 1.1.1.1
diff -b -c -r1.1.1.1 init.c
*** init.c	1996/12/20 13:22:29	1.1.1.1
--- init.c	1997/01/28 23:51:22
***************
*** 584,590 ****
  		 */
  		typ = getttynam("console");
  		pp = getpwnam("root");
! 		if (typ && (typ->ty_status & TTY_SECURE) == 0 && pp) {
  			write(2, banner, sizeof banner - 1);
  			for (;;) {
  				clear = getpass("Password:");
--- 584,591 ----
  		 */
  		typ = getttynam("console");
  		pp = getpwnam("root");
! 		if (typ && (typ->ty_status & TTY_SECURE) == 0 && pp &&
! 		    *pp->pw_passwd != '\0') {
  			write(2, banner, sizeof banner - 1);
  			for (;;) {
  				clear = getpass("Password:");
>Audit-Trail:
>Unformatted: