[102504] in RedHat Linux List


Re: LILO Security problem

daemon@ATHENA.MIT.EDU (Ramon Gandia)
Thu Dec 3 16:17:25 1998

Date: Thu, 03 Dec 1998 08:24:33 -0900
From: Ramon Gandia <rfg@nook.net>
To: redhat-list@redhat.com
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com

Ivan Scagnetto wrote:

> By typing "single" after "linux" (or whatever label you have chosen to
> identify the Linux OS) at the LILO prompt, anyone can access the system
> as root without a password prompt!!!
> I cannot believe that there is a sysadmin who would allow such a system
> to be installed in a LAN, since the security would be null.
> I hope that there is a way to fix it (S.u.S.E. Linux also has that
> feature, but the root password is asked for).

A reader suggested adding the lines "restricted" and "password=xx"
to /etc/lilo.conf.

While that works as far as it goes, let me reiterate: on a system to
which there is physical access there is NO security.

1. If you put in a LILO password, it is possible to bypass it by
   booting from a floppy: into DOS or Linux.

2. If you password the BIOS, it only works at power-up.  Check
   yours, but the ones I've seen do not bring the password up
   on a reboot.

3. If you get the BIOS to be password protected somehow, there
   is still the jumper to reset the BIOS.

4. The hard drive can be stolen and mounted on another system.

Any sysadmin will tell you that the machine has to be locked up
or in a trusted environment or security is not much use.  I think
that is a reasonable statement.

--
Ramon Gandia ==== Sysadmin ==== Nook Net ==== http://www.nook.net
285 West First Avenue                                rfg@nook.net
P.O. Box 970                                    tel. 907-443-7575
Nome, Alaska 99762-0970 ======================= fax. 907-443-2487


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
		http://www.redhat.com http://archive.redhat.com
         To unsubscribe: mail redhat-list-request@redhat.com with 
                       "unsubscribe" as the Subject.
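The "restricted" plus "password=" fix mentioned above, as an added example (not part of the original post or of Red Hat's own files): a small POSIX shell check that reads a lilo.conf and reports whether the two directives are present, run over two constructed configs. Kernel version, device names and the password "xx" are assumptions. Note that LILO stores the password in clear text in /etc/lilo.conf, so the file should be mode 600, and /sbin/lilo must be re-run after editing for the change to take effect.

```shell
#!/bin/sh
# Added example, not code from the original post. Audits a lilo.conf for the
# "restricted" + "password=" pair that makes LILO ask for a password before
# it accepts boot-time arguments such as "linux single".

# Constructed weak config: no password, so "linux single" at the LILO
# prompt boots straight to a root shell. Paths/devices are assumptions.
WEAK_CONF='boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
image=/boot/vmlinuz-2.0.36
    label=linux
    root=/dev/hda1
    read-only'

# Constructed hardened config: global "restricted" + "password=" means
# LILO prompts for the password only when extra arguments are typed at
# the boot prompt; a plain "linux" boot still comes up unattended.
HARD_CONF='boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
restricted
password=xx
image=/boot/vmlinuz-2.0.36
    label=linux
    root=/dev/hda1
    read-only'

# lilo_check CONFIG_TEXT
#   Prints "protected" and returns 0 when both a "password=" line and a
#   "restricted" line are present (global section or an image stanza);
#   otherwise prints "unprotected" and returns 1. Having "password="
#   alone would also work but then EVERY boot asks for the password,
#   which is why the pairing with "restricted" is the usual advice.
lilo_check() {
  conf="$1"
  if printf '%s\n' "$conf" | grep -q '^[[:space:]]*password=' &&
     printf '%s\n' "$conf" | grep -q '^[[:space:]]*restricted[[:space:]]*$'; then
    echo protected
    return 0
  fi
  echo unprotected
  return 1
}

# Usage: lilo_check "$(cat /etc/lilo.conf)"
# Remember: chmod 600 /etc/lilo.conf (the password is stored in the clear)
# and run /sbin/lilo afterwards to rebuild the boot map.
```

As the original post says, this only raises the bar at the LILO prompt; a boot floppy, a BIOS reset jumper or a removed hard drive walk straight past it.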

