[102461] in RedHat Linux List
LILO Security problem
daemon@ATHENA.MIT.EDU (Ivan Scagnetto)
Thu Dec 3 08:02:48 1998
From: Ivan Scagnetto <scagnett@dimi.uniud.it>
To: redhat-list@redhat.com
Date: Thu, 3 Dec 1998 14:02:02 +0100 (MET)
Cc: scagnett@dimi.uniud.it
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
Hello,
I am a Linux beginner. The first distribution I installed on my PC was
Slackware 3.0 and I was quite happy with it. Recently I decided to move to
RedHat 5.0 since my friends told me that it is more stable, it is well
supported, the installation and removal of programs is easier etc.
Indeed this is true, but there is a feature of RedHat 5.0 which appears to
me a serious security hole: more precisely typing "single" after "linux"
(or whatever label you have chosen to identify Linux OS) at the LILO
promt everyone can access as root to the system without a password
prompt!!!
I cannot believe that there is a sysadmin that would allow to install such
a system in a LAN since the security would be null.
I hope that there is the possibility to fix it (in S.U.S.E. Linux there is
also that feature, but the root password is asked for).
Thanks in advance,
Ivan
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com http://archive.redhat.com
To unsubscribe: mail redhat-list-request@redhat.com with
"unsubscribe" as the Subject.
