HUGE security hole??!! (Re: Lost root passwd)

To: "debian-user@lists.debian.org" <debian-user@lists.debian.org>
Subject: ***HUGE*** security hole??!! (Re: Lost root passwd)
From: "Norbert Nemec" <nobbi@cheerful.com>
Date: Sat, 10 Oct 1998 11:26:30 +0200
Message-id: <[🔎] 199810100927.JAA26183@hermes.germany.net>
Reply-to: "Norbert Nemec" <nobbi@cheerful.com>

On Sat, 10 Oct 1998 10:42:52 +0100, Ralf G. R. Bergs wrote:

>On Sat, 10 Oct 1998 00:52:49 -0700 (PDT), George Bonser wrote:
>
>[...]
>>ALlow me to translate.  Boot the rescue disk as if you are installing,
>[whole story deleted]
>
>Hey guys, why so complicated???
>
>What's wrong with giving LILO a kernel command line of "init=/bin/sh"? This way 
>you boot straight into sh, and you can then change the root password.
>
>This is how I usually do it under Slackware, and even tho Debian uses shadow 
>passwords it should work the same way.


Ouch, I tried it, it really works!!!! That means on a standard
Linux-machine, everybody could just switch off the power, give the
LILO-kernel option on reboot and be root??!! Why not simply drop the
need of a login password?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Norbert "Nobbi" Nemec
Paul-Gerhardt-Str. 4
90765 Fuerth

Tel: 0911-761206
Fax: 0911-7658329
Email: nobbi@cheerful.com

Reply to:

Follow-Ups:
- Re: ***HUGE*** security hole??!! (Re: Lost root passwd)
  - From: Michael Beattie <mickyb@es.co.nz>
- Re: ***HUGE*** security hole??!! (Re: Lost root passwd)
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: ***HUGE*** security hole??!! (Re: Lost root passwd)
  - From: George Bonser <grep@shorelink.com>

Prev by Date: Re: help(newbie): dpkg --configure emacs20 failed
Next by Date: Meta keys...
Previous by thread: Re: Internet via Proxy-Server?
Next by thread: Re: ***HUGE*** security hole??!! (Re: Lost root passwd)
Index(es):
- Date
- Thread

***HUGE*** security hole??!! (Re: Lost root passwd)

HUGE security hole??!! (Re: Lost root passwd)