Since it's April Fool's Day, I made a Fool Proof OS.
It's only a Proof of Concept, though.
- http://vps0.dan.co.jp/FoolBSD.tar.xz
- size: 630,891,664 bytes
- sha256sum: 893433cd6514f1466b57c48929a8130020265fbb915972b19c2b864da66cd73a
It is a VMWare virtual machine. The virtual machine version is 8, so I think it will also run on older releases of Workstation and Fusion.
First, let's log in. The username:password is fool:april. Either the console directly or SSH is OK.
FreeBSD/amd64 (foolbsd) (ttyv0)

login: fool
password: april
FreeBSD 10.0-RELEASE (GENERIC) #0 r260789: Thu Jan 16 22:34:59 UTC 2014

Welcome to FreeBSD!

Before seeking technical support, please use the following resources:

o  Security advisories and updated errata information for all releases are
   at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
   for your release first as it's updated frequently.

o  The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
   along with the mailing lists, can be searched by going to
   http://www.FreeBSD.org/search/. If the doc package has been installed
   (or fetched via pkg install lang-freebsd-doc, where lang is the
   2-letter language code, e.g. en), they are also available formatted
   in /usr/local/share/doc/freebsd.

If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the [email protected] mailing list. If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man'.

Edit /etc/motd to change this login announcement.

fool@fool:~ %
For a start, let's check the system. It looks like an ordinary FreeBSD 10.
fool@fool:~ % uname -a
FreeBSD fool 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014 [email protected]:/usr/obj/usr/src/sys/GENERIC amd64
fool@fool:~ % last
fool pts/0 Tue Apr 1 05:20 still logged in
boot time Tue Apr 1 05:20

utx.log begins Tue Apr 1 05:20:57 JST 2014
Let's try accessing the network as well.
fool@fool:~ % fetch http://www.example.com/
fetch.out 100% of 1270 B 8336 kBps 00m00s
fool@fool:~ % less fetch.out
<!doctype html>
<html>
<head>
<title>Example Domain</title>
…
Access is working properly, it seems.
Now let's become the superuser. Note: please use sudo, not su.
fool@fool:~ % sudo -i
Password: april
Apart from sudo, practically no packages are installed, but you can install all sorts of things with pkg in the usual way.
Here, though, I want to confirm that it really is Fool Proof, so let's commit some vandalism.
root@fool:~ # rm -rf /
rm: "/" may not be removed
Well, the same goes for rm on Linux, or rather the binutils one: rm these days is not very obedient, is it.
Let's do it this way instead.
root@fool:~ # rm -rf /.??* /*
rm: /bin/rcp: Operation not permitted
rm: /bin: Directory not empty
rm: /dev/fd: Operation not supported
rm: /dev/led: Operation not supported
rm: /dev/usb: Operation not supported
rm: /dev/iso9660: Operation not supported
rm: /dev/gpt: Operation not supported
rm: /dev/gptid: Operation not supported
rm: /dev/pts: Operation not supported
rm: /dev: Device busy
rm: /lib/libc.so.7: Operation not permitted
rm: /lib/libcrypt.so.5: Operation not permitted
rm: /lib/libthr.so.3: Operation not permitted
rm: /lib: Directory not empty
rm: /libexec/ld-elf32.so.1: Operation not permitted
rm: /libexec/ld-elf.so.1: Operation not permitted
rm: /libexec: Directory not empty
rm: /sbin/init: Operation not permitted
rm: /sbin: Directory not empty
rm: /usr/lib32/libthr.so.3: Operation not permitted
rm: /usr/lib32/libcrypt.so.5: Operation not permitted
rm: /usr/lib32/librt.so.1: Operation not permitted
rm: /usr/lib32/libc.so.7: Operation not permitted
rm: /usr/lib32: Directory not empty
rm: /usr/lib/librt.so.1: Operation not permitted
rm: /usr/lib: Directory not empty
rm: /usr/bin/opiepasswd: Operation not permitted
rm: /usr/bin/passwd: Operation not permitted
rm: /usr/bin/login: Operation not permitted
rm: /usr/bin/ypchpass: Operation not permitted
rm: /usr/bin/rsh: Operation not permitted
rm: /usr/bin/ypchsh: Operation not permitted
rm: /usr/bin/su: Operation not permitted
rm: /usr/bin/ypchfn: Operation not permitted
rm: /usr/bin/chsh: Operation not permitted
rm: /usr/bin/rlogin: Operation not permitted
rm: /usr/bin/chfn: Operation not permitted
rm: /usr/bin/crontab: Operation not permitted
rm: /usr/bin/yppasswd: Operation not permitted
rm: /usr/bin/opieinfo: Operation not permitted
rm: /usr/bin/chpass: Operation not permitted
rm: /usr/bin: Directory not empty
rm: /usr: Directory not empty
Presumably the schg flag is set on those files. We did not manage to wipe everything clean, but this is more than enough to make the system unusable.
root@fool:~ # ls /
ls: Command not found.
Let's fall back on our last resort, the shell built-in command echo, and look at the wreckage.
root@fool:~ # echo /*
/bin /dev /lib /libexec /sbin /usr
root@fool:~ # echo /*/*
/bin/rcp /dev/fd /dev/gpt /dev/gptid /dev/iso9660 /dev/led /dev/pts /dev/usb /lib/libc.so.7 /lib/libcrypt.so.5 /lib/libthr.so.3 /libexec/ld-elf.so.1 /libexec/ld-elf32.so.1 /sbin/init /usr/bin /usr/lib /usr/lib32
It seems we have destroyed it to our heart's content. To recover it now, is there no choice but to take it to Nihon Data Technology?
Let's just log out.
root@fool:~ # exit
logout
fool@fool:~ % exit
logout
Then log in once more.
FreeBSD/amd64 (foolbsd) (ttyv0)

login: fool
password:
�ʤ�Ȥ������ȤǤ��礦����ۤɤ�ϵ鴤θ�Ϥɤ��ˤ⸫������ޤ��󡣤���ɤ�������ۤɤΥ�������η��פޤǾä��Ƥ��ޤ����ߴĤ���?
������
���󥽡��뤫��root:evil�ǥ������󤷤ƤߤƤ������������ҤΤȤ���FoolBSD��SSH��Í���ˤ��Ƥ��ޤ�����root��������ϥǥե�����̤��ڤäƤ���Τǥ��󥽡���ɬ�ܤǤ���
���ȤϳƼ������Ȥ������Ȥǡ�
jail��ZFS���Ȥ߹�碌�Ϻǹ�Ǥ���!
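The page leaves the mechanism as an exercise; one way to get the behaviour shown above from a jail on a ZFS clone is sketched here as an added example, not FoolBSD's actual implementation. The snapshot `zroot/jails/base@golden`, the `/jails` mount root and the function names are assumptions.

```shell
#!/bin/sh
# Added sketch, not FoolBSD's own code: one throwaway jail per login,
# rooted on a ZFS clone that is destroyed at logout.
# Assumed (hypothetical) names: snapshot zroot/jails/base@golden,
# clones mounted under /jails.
BASE_SNAP="${BASE_SNAP:-zroot/jails/base@golden}"
CLONE_PARENT="${CLONE_PARENT:-zroot/jails}"
JAIL_ROOT="${JAIL_ROOT:-/jails}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = record the commands in PLAN, run nothing
PLAN=""

# Run a command, or only append it to PLAN in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        PLAN="${PLAN}$*
"
    else
        "$@"
    fi
}

# The name ends up in a dataset, a path and a jail name: require a
# leading letter, then only letters, digits and underscore.
valid_name() {
    case "$1" in
        ''|[!A-Za-z]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# disposable_session NAME [SHELL]: clone, jail, shell, destroy.
disposable_session() {
    name="$1"; shell="${2:-/bin/csh}"
    valid_name "$name" || { echo "bad session name: $name" >&2; return 2; }
    root="$JAIL_ROOT/$name"
    run zfs clone -o mountpoint="$root" "$BASE_SNAP" "$CLONE_PARENT/$name" \
        || return 1
    # Non-persistent jail: it disappears when the shell exits.
    run jail -c name="$name" path="$root" host.hostname="$name" \
        ip4=inherit mount.devfs command="$shell"
    rc=$?
    # Drop devfs if it is still mounted, then throw the clone away.
    run umount "$root/dev" 2>/dev/null || true
    run zfs destroy "$CLONE_PARENT/$name"
    return "$rc"
}
```

Whatever the jailed root deletes lives only in the clone, so the next session starts again from the untouched snapshot; a distinct NAME per session keeps concurrent logins from sharing a clone.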
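Exercise
Actually, it does not yet support multiple simultaneous logins. What would it take to support them?
Summary
For an improvised gag, it looks like it has surprisingly many uses: server administration exercises, honeypot implementations, and so on.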
Enjoy!
Dan the Fool for *BSD

���Υ֥����˥����Ȥ���ˤ�����������ɬ�פǤ���
��������������
���ε����ˤϵ��ĥ桼�����������Ȥ��Ǥ��ޤ���