
Re: ***HUGE*** security hole??!! (Re: Lost root passwd)



On Sat, Oct 10, 1998 at 11:26:30AM +0200, Norbert Nemec wrote:
> On Sat, 10 Oct 1998 10:42:52 +0100, Ralf G. R. Bergs wrote:
> 
> >On Sat, 10 Oct 1998 00:52:49 -0700 (PDT), George Bonser wrote:
> >
> >[...]
> >>Allow me to translate.  Boot the rescue disk as if you are installing,
> >[whole story deleted]
> >
> >Hey guys, why so complicated???
> >
> >What's wrong with giving LILO a kernel command line of "init=/bin/sh"? This way 
> >you boot straight into sh, and you can then change the root password.
> >
> >This is how I usually do it under Slackware, and even though Debian uses shadow 
> >passwords it should work the same way.
> 
> 
> Ouch, I tried it, it really works!!!! That means on a standard
> Linux-machine, everybody could just switch off the power, give the
> LILO-kernel option on reboot and be root??!! Why not simply drop the
> need of a login password?

If you want a secure machine, put the hardware in a metal case, and give
nobody access to it. Especially, remove all connections, including the power
cord!

Serious,
Marcus

-- 
"Rhubarb is no Egyptian god."        Debian GNU/Linux        finger brinkmd@ 
Marcus Brinkmann                   http://www.debian.org    master.debian.org
Marcus.Brinkmann@ruhr-uni-bochum.de                        for public  PGP Key
http://homepage.ruhr-uni-bochum.de/Marcus.Brinkmann/       PGP Key ID 36E7CD09
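
The thread above turns on the LILO prompt accepting arbitrary kernel parameters such as "init=/bin/sh". The following is an added example, not part of the original messages: a small auditor that reports which boot entries in a lilo.conf accept parameters without a password. The `password=`, `restricted` and `bypass` options come from lilo.conf(5) and are not mentioned in the thread; both sample configurations and the function names are constructed for illustration.

```python
# Added example: audit a lilo.conf for entries that accept boot parameters
# (such as init=...) without a password. Sample configs are constructed.

WEAK_CONF = """\
boot=/dev/hda
prompt
image=/vmlinuz
    label=Linux
    root=/dev/hda1
"""

HARDENED_CONF = """\
boot=/dev/hda
prompt
password=CHANGE-ME   # placeholder; keep the file readable by root only
restricted           # password needed only when parameters are typed
image=/vmlinuz
    label=Linux
    root=/dev/hda1
"""

def parse_lilo(text):
    """Return (global_opts, [per_image_opts]); bare flags map to True."""
    global_opts, images, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip().strip('"')
        if key in ("image", "other"):       # starts a new boot entry
            current = {"path": value}
            images.append(current)
        else:
            target = current if current is not None else global_opts
            target[key] = value or True
    return global_opts, images

def unprotected_images(text):
    """Labels of boot entries whose command line is not password-gated."""
    global_opts, images = parse_lilo(text)
    findings = []
    for img in images:
        merged = {**global_opts, **img}     # per-image settings override
        if not merged.get("password") or img.get("bypass"):
            findings.append(img.get("label", img["path"]))
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, "->", unprotected_images(conf) or "all entries gated")
```

This check covers only the LILO prompt; as the reply says, it does not help against someone who has the hardware itself.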

