Re: Comments on security, Re: recover lost root password
On Sun, Mar 09, 2003 at 09:46:03AM +0000, Satish Iyer wrote:
> Hi,
> I am new user of Debian Gnu/Linux. I have
> successfully setup and started using the system (my
> understanding and knowledge grows day by day).
> To my current understanding security seems to be a
> major drawback of gnu/linux systems.(How else can you
> explain such gaping holes?).
_Ayy_ computer system that does not encrypt everything is vulnerable
once you have access to the computer itself.
> I am also inherently suspicious of anything that goes
> by "free" (Please try to convince me otherwise).
> As I see it an adminstrator has his task cut out for
> him to ensure the security and confidentiality of the
> organization. (Gnu/Linux doesn't make things easy in
> this crucial aspect!).
The first thing to do is to put a lock on the server room door. If this
is not possible, there's little a system administrator can do.
Frank
> Is there a gnu/linux community concerned with these
> issues?
> Regards,
> Satish
> --- Hugh Saunders <hugh@mjr.org> wrote: > On Sat, Mar
> 08, 2003 at 04:41:36PM -0800, Carla
> > Schroder wrote:
> > > Well here's a good one, is there a way to get into
> > a system when
> > > you've lost the root password? Without a CD or
> > boot floppy? Used to be
> > > you could pass in "init=/bin/sh" from LILO, and
> > work some /etc/shadow
> > > magic. (like copy the hashed root password from a
> > different system)
> > > But GRUB is different...
> > I just tried that from GRUB [selected the menu item
> > hit 'e' to edit on
> > the kernel line appened init=/bin/sh then 'b' to
> > boot] hey-presto no
> > flippin password needed! and there was me thinking
> > my laptop was almost
> > secure!!
> >
> > how can i prevent this from working?
> > [apart from bios password]
> >
> > hugh
> >
> >
> > --
> > To UNSUBSCRIBE, email to
> > debian-user-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> > listmaster@lists.debian.org
> >
>
> ________________________________________________________________________
> Missed your favourite TV serial last night? Try the new, Yahoo! TV.
> visit http://in.tv.yahoo.com
>
>
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: