[2136] in RedHat Linux List
Re: Is "linux single" a security concern?
daemon@ATHENA.MIT.EDU (Mike Sangrey)
Thu Oct 31 20:32:46 1996
To: redhat-list@redhat.com
In-reply-to: Your message of "Thu, 31 Oct 1996 16:36:58 EST."
<199610312136.QAA00435@hexagram.brickandivy.com>
Date: Thu, 31 Oct 1996 19:45:42 -0500
From: Mike Sangrey <mike@sojurn.lns.pa.us>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
> I booted my box to try out the "linux single" lilo option, and I'm concerned
> that the resulting unprotected root shell is a fairly serious security
> concern.
>
> Not all machines can be physically secured (e.g. in a large office building,
> perhaps) and it seems that it would be a trivial way to gain root access to
> any Linux box.
>
> Am I misunderstanding something fairly obvious here?
>
> Thanks,
> Chris Powell
>
Good point, but not new. If you need more info, you should be able to find
info in /usr/doc/lilo* The lilo doc, mine is version 17, says:
Images are protected by a password if the variable PASSWORD is set. If the
variable RESTRICTED is set in addition to PASSWORD, a password is only
required to boot the respective image if parameters are specified on the
command line (e.g. single). PASSWORD and RESTRICTED can also be set in the
options section to be the default password and password protection mode for
all images. Because the configuration file contains unencrypted passwords
when using PASSWORD, it should only be readable for the super-user.
I haven't used this, YMMV.
--
Mike Sangrey <mike@sojurn.lns.pa.us> (Home)
<Mike.Sangrey@specmarkmet.com>(Work)
"I've trademarked `William Della Croce, Jr.(tm)'.
Anyone using this name owes me $1,000,000."
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
________________________________________________________________________
http://www.redhat.com/RedHat-FAQ http://www.redhat.com/RedHat-Errata
http://www.redhat.com/RedHat-Tips http://www.redhat.com/mailing-lists
------------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe redhat-list-request@redhat.com < /dev/null
