
***HUGE*** security hole??!! (Re: Lost root passwd)



This is a security hole ONLY if someone has access to the machine
itself.  I bet many UNIX machines have a similar problem.  That's why
I've seen PDP minicomputers where the power switch was under lock and
key, and the front panel on these machines was also lockable.  Most
PCs used to have a keyboard lock switch on the box which will render
the machine safe from such an attack (but unless the power switch is
locked someone could at least bring the thing down!)  Don't bother
trying to fix this in software; to be secure from such an attack you
must secure the HARDWARE!!!!!
-------------------------------------------------------
On Sat, 10 Oct 1998 10:42:52 +0100, Ralf G. R. Bergs wrote:

>On Sat, 10 Oct 1998 00:52:49 -0700 (PDT), George Bonser wrote:
>
>[...]
>>Allow me to translate.  Boot the rescue disk as if you are installing,
>[whole story deleted]
>
>Hey guys, why so complicated???
>
>What's wrong with giving LILO a kernel command line of "init=/bin/sh"? This way
>you boot straight into sh, and you can then change the root password.
>
>This is how I usually do it under Slackware, and even tho Debian uses shadow
>passwords it should work the same way.


Ouch, I tried it, it really works!!!! That means on a standard
Linux-machine, everybody could just switch off the power, give the
LILO-kernel option on reboot and be root??!! Why not simply drop the
need of a login password?





