Re: ***HUGE*** security hole??!! (Re: Lost root passwd)
On Mon, 12 Oct 1998 05:21:25 -0700 (PDT), Kenneth Scharf wrote:
>This is a security hole ONLY if someone has access to the machine
>itself.
This is not exactly uncommon, especially in computer labs.
>>What's wrong with giving LILO a kernel command line of "init=/bin/sh"? This way
>>you boot straight into sh, and you can then change the root password.
[...]
>Ouch, I tried it, it really works!!!! That means on a standard
>Linux-machine, everybody could just switch off the power, give the
>LILO-kernel option on reboot and be root??!! Why not simply drop the
>need of a login password?
You can give LILO the "password" option in lilo.conf so that people must enter a
password when they try to specify different kernel options than the default ones.
--
Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany
+49-241-876892, +49-241-877776 (fax) * rabe@rwth-aachen.de * PGP ok!
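
An added example, not part of the original message: a small Python check that reads a lilo.conf and reports, for each boot image, whether the boot prompt accepts extra kernel options such as init=/bin/sh without a password. The sample configurations, the function name `audit_lilo_conf` and the `CHANGE-ME` placeholder are assumptions; `restricted` is the LILO keyword that asks for the password only when options are typed at the prompt, while `password` alone asks on every boot.

```python
# Added example; both sample configurations are constructed for illustration.
WEAK = """\
boot=/dev/hda
prompt
image=/vmlinuz
    label=linux
"""

HARDENED = """\
boot=/dev/hda
prompt
password=CHANGE-ME   # placeholder; LILO keeps it in cleartext
restricted           # ask only when options are typed at the prompt
image=/vmlinuz
    label=linux
"""

def audit_lilo_conf(text, mode=0o600):
    """Return ({label: 'open' | 'restricted' | 'mandatory'}, [warnings])."""
    glob, images = {}, []
    current = glob
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key in ("image", "other"):         # start of a per-image section
            current = {"_path": value}
            images.append(current)
        else:
            current[key] = value
    status = {}
    for img in images:
        opts = {**glob, **img}                # per-image settings override global
        label = opts.get("label", opts["_path"])
        if "password" not in opts:
            status[label] = "open"            # init=/bin/sh accepted from anyone
        elif "restricted" in opts:
            status[label] = "restricted"      # password only for extra options
        else:
            status[label] = "mandatory"       # password for every boot
    warnings = []
    if any(s != "open" for s in status.values()) and mode & 0o077:
        warnings.append("password is readable by non-root users: chmod 600")
    return status, warnings

if __name__ == "__main__":
    print(audit_lilo_conf(WEAK, 0o644), audit_lilo_conf(HARDENED, 0o644))
```

A change to lilo.conf takes effect only after /sbin/lilo has been run again to reinstall the boot loader.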