On Thu, Jul 05, 2001 at 02:50:43PM +0100, Stephen Stafford wrote:
> No, it wasn't. By default single user (runlevel 1) requires the root
> password before you are dropped to a shell. It is a security
> precaution which makes it harder for an attacker with physical access
> to do bad things.
yes thats true, except broken pam does not break that passwd prompt.
the prompt you see in single user mode is sulogin:
eb@socrates eb$ ldd /sbin/sulogin
libcrypt.so.1 => /lib/libcrypt.so.1 (0x0ffb3000)
libc.so.6 => /lib/libc.so.6 (0x0fe9d000)
/lib/ld.so.1 => /lib/ld.so.1 (0x30000000)
look ma! no pam!
the only way sulogin fails if your shadow/passwd files are corrupted
in such a way that they look valid, but really are not. sulogin will
skip passwd prompting if it looks like the passwd file has been
totally destroyed.
--
Ethan Benson
http://www.alaska.net/~erbenson/
Attachment:
pgp8LWcI5lYBn.pgp
Description: PGP signature