[solved] Porteus security hole

donald
Full of knowledge
Posts: 1155
Joined: 17 Jun 2013, 13:17
Distribution: Porteus 3.2.2 XFCE 32bit
Location: Germany

[solved] Porteus security hole

Post#1 by donald » 01 Apr 2016, 03:52

You can now easily get the root password as user "guest"
administrator please fix this hole immediately.
(as guest)..open up a terminal and run:

Code:

echo '82 43/25 43+65P80P82P73P76P32P70P79P79P76P10P' | dc
:evil:
Last edited by donald on 02 Apr 2016, 21:26, edited 1 time in total.

francois
Contributor
Posts: 4932
Joined: 28 Dec 2010, 14:25
Distribution: kde xfce porteus manjaro kubun
Location: Finally summer, the expected climate change: the sun.

Re: Porteus security hole

Post#2 by francois » 01 Apr 2016, 14:51

Donald, this security hole is really compromising my choice of porteus as my linux distribution. I am moving right away to Gentoo. :evil:
Voltaire: The best is the enemy of the good.

fanthom
Site Admin
Posts: 4565
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE

Re: Porteus security hole

Post#3 by fanthom » 01 Apr 2016, 16:07

Damn - my Gentoo based kiosk is also affected ...
Please add [Solved] to your thread title if the solution was found.

Ed_P
Contributor
Posts: 3140
Joined: 06 Feb 2013, 22:12
Distribution: Cinnamon 3.2.2 64-bit ISO
Location: Western NY, USA

Re: Porteus security hole

Post#4 by Ed_P » 01 Apr 2016, 16:25

OMG It's in the ISO files that I boot in AF mode. :shock:
Ed

brokenman
Site Admin
Posts: 5455
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v3.2rcX all desktops
Location: Brazil

Re: Porteus security hole

Post#5 by brokenman » 01 Apr 2016, 19:31

I found the reason! I am remastering my ISOs now and removing the echo command. That should circumvent the problem until a patch is found. Thanks for the heart palpitations Donald!
How do I become super user?
Wear your underpants on the outside and put on a cape.

Re: Porteus security hole

Post#6 by francois » 01 Apr 2016, 20:57

Gosh! gentoo too! =@

What will I do? Is this the end of linux, plagued with this goddam security hole? This hole is a black one. :shock:

Even relativity theory could not help us to solve this software nemesis. :crazy:
Voltaire: The best is the enemy of the good.

Slaxmax
Contributor
Posts: 403
Joined: 03 Jan 2013, 09:51
Distribution: KDE4
Location: Campinas Brazil https://goo.gl/yrxwKi

Re: Porteus security hole

Post#7 by Slaxmax » 01 Apr 2016, 22:48

Works in windows :shock:
“DNA is like a computer program but far, far more advanced than any software ever created.”
― Bill Gates, The Road Ahead

Jack
Contributor
Posts: 1063
Joined: 09 Aug 2013, 14:25
Distribution: Porteus 3.2.rc5 Mate 64 bit
Location: Marysville, OHIO USA

Re: Porteus security hole

Post#8 by Jack » 02 Apr 2016, 03:19

Here is my output.

Code:

guest@porteus:~$ echo '82 43/25 43+65P80P82P73P76P32P70P79P79P76P10P' | dc
APRIL FOOL
guest@porteus:~$ 
Nice joke.
I just like Slackware because I think it teaches you about Linux to build packages, where Ubuntu is like Windows: you just install programs you want.

Re: Porteus security hole

Post#9 by Ed_P » 02 Apr 2016, 03:32

Slaxmax wrote: Works in windows :shock:
:unknown:

Code:

Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.

C:\Users\Ed>echo '82 43/25 43+65P80P82P73P76P32P70P79P79P76P10P' | dc
'dc' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Ed>echo '82 43/25 43+65P80P82P73P76P32P70P79P79P76P10P'
'82 43/25 43+65P80P82P73P76P32P70P79P79P76P10P'

C:\Users\Ed>
Not on the version I run. :no: How did you do it?
Ed

Re: Porteus security hole

Post#10 by francois » 02 Apr 2016, 12:25

You were fooled! :D
Voltaire: The best is the enemy of the good.

wread
Module Guard
Posts: 1064
Joined: 09 Jan 2011, 18:48
Distribution: Porteus v3.2.5-kde5-64 bits
Location: Santo Domingo

Re: Porteus security hole

Post#11 by wread » 02 Apr 2016, 19:03

April, April!
Porteus is proud of the FASTEST KDE ever made.....(take akonadi, nepomuk and soprano out and you will have a decent OS).
The Porteus Community never sleeps!
