
Re: ***HUGE*** security hole??!! (Re: Lost root passwd)



On Mon, 12 Oct 1998 05:21:25 -0700 (PDT), Kenneth Scharf wrote:

>This is a security hole ONLY if someone has access to the machine
>itself.

This is not exactly uncommon, especially in computer labs.

>>What's wrong with giving LILO a kernel command line of "init=/bin/sh"?
>>This way you boot straight into sh, and you can then change the root password.
[...]
>Ouch, I tried it, it really works!!!! That means on a standard
>Linux-machine, everybody could just switch off the power, give the
>LILO-kernel option on reboot and be root??!! Why not simply drop the
>need of a login password?

You can give LILO the "password" option in lilo.conf so that people must enter a 
password when they try to specify different kernel options than the default ones.


-- 
Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany
+49-241-876892, +49-241-877776 (fax) * rabe@rwth-aachen.de  * PGP ok!
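
An added example, not part of the original message: a small audit of a lilo.conf for boot entries that accept kernel options such as "init=/bin/sh" without a password, using the `password` and `restricted` keywords from lilo.conf(5). The two sample configurations are constructed, the password value is a placeholder, and the function names `parse_sections` and `audit` are hypothetical.

```python
# Constructed sample configurations (not taken from the thread).
WEAK = """\
boot=/dev/hda
prompt
image=/vmlinuz
    label=linux
    read-only
"""
HARDENED = """\
boot=/dev/hda
prompt
password=CHANGE-ME   # placeholder value
restricted           # ask only when options are typed at the boot prompt
image=/vmlinuz
    label=linux
    read-only
"""

def parse_sections(text):
    """Split lilo.conf text into a global section and per-image sections."""
    sections = [("global", {})]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("image", "other"):         # each one starts a boot entry
            sections.append((value.strip(), {}))
        else:
            sections[-1][1][key] = value.strip()
    return sections

def audit(text, mode=0o600):
    """Return findings; `mode` is the permission bits of the config file."""
    sections = parse_sections(text)
    global_opts = sections[0][1]
    findings = []
    for name, opts in sections[1:]:
        # A password may be set globally or per boot entry.
        if "password" not in opts and "password" not in global_opts:
            findings.append(f"{name}: no password, boot prompt accepts init=/bin/sh")
    # The classic password= form is stored in clear text in the file.
    if any("password" in opts for _, opts in sections) and mode & 0o077:
        findings.append("lilo.conf readable by non-root users, password exposed")
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(conf))
```

After editing lilo.conf, /sbin/lilo has to be run again for the change to take effect.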


