[2129] in RedHat Linux List
Re: Is "linux single" a security concern?
daemon@ATHENA.MIT.EDU (Prince Moran of Timarash)
Thu Oct 31 19:12:22 1996
Date: Thu, 31 Oct 1996 20:03:53 -0500 (EST)
From: Prince Moran of Timarash <mouring@sarah.djmix.com>
To: redhat-list@redhat.com
In-Reply-To: <199610312310.SAA19197@redhat.com>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
On Fri, 1 Nov 1996, Joachim Paulini wrote:
> >
> > >I booted my box to try out the "linux single" lilo option, and I'm concerned
> > >that the resulting unprotected root shell is a fairly serious security
> > >concern.
> > >
> > >Not all machines can be physically secured (e.g. in a large office building,
> > >perhaps) and it seems that it would be a trivial way to gain root access to
> > >any Linux box.
> > >
> > Yes this is a security hole but it can be fixed somewhat with a password=
> > line in you lilo.conf. which will cause lilo to have a password
> >
>
> It is more secure to go into the BIOS settings and require a password
> to boot the machine. I guess most BIOS'es can do this. This way no one
> can boot other partitions (maybe there is also a DOS partition) or
> insert a boot floppy.
Problem is you lose the ability to reboot machines from afar. However
putting a BIOS password and putting boot being C:,A: will help. However
with Lilo and the password=xxxx item.. MAKE SURE that lilo.conf *IS* 500!!
Since the password is non-encoded.
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
________________________________________________________________________
http://www.redhat.com/RedHat-FAQ http://www.redhat.com/RedHat-Errata
http://www.redhat.com/RedHat-Tips http://www.redhat.com/mailing-lists
------------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe redhat-list-request@redhat.com < /dev/null
