LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   I was logged in as root without providing password (http://www.linuxquestions.org/questions/slackware-14/i-was-logged-in-as-root-without-providing-password-4175488967/)

lordadamson 12-23-2013 01:06 PM

I was logged in as root without providing password
 
I installed slackware 14 on virtualbox just playing around and testing different distros.

I found that I have to issue startx command everytime I log in to get KDE started up.

so I went to /etc/rc.d/rc.local

I added a path to a script that only contain "startx".

I rebooted the VM to test if that will work. and it did work, but lo, behold! once the system started, KDE started and I was logged in as root without having to provide a password!

isn't that a loophole? or am I missing something?

xp19375 12-23-2013 01:10 PM

[Deleted]

xp19375 12-23-2013 01:12 PM

I believe all of your init scripts (those in /etc/rc.d) are run as root, so putting "startx" in rc.local will run X as root.

The proper way to get X to start on boot is to edit your /etc/inittab, and set the default runlevel to 4 by changing
Code:

id:3:initdefault:
to
Code:

id:4:initdefault:

Habitual 12-23-2013 01:55 PM

http://docs.slackware.com/slackware:beginners_guide

yars 12-24-2013 10:49 AM

This is interesting way to get root privileges :) Another way is to send to the kernel the parameter init=/bin/bash root=/dev/sda1 and then get root privileges without giving a password. If the malefactor have access to local machine, maybe only the encrypted partitions may help to save your data.
But for changing a content of rc.local needed root's privileges, and it's not a problem, and it is good.

FeyFre 12-25-2013 03:20 AM

Quote:

f the malefactor have access to local machine
If malefactor has access to physical console this is absolutely separate branch of security facilities, and it has own methods to prevent such problem. Malefactor can extract storage devices, create hard copy, put them back, even to care about security seals. This is not in competention of software solutions.

unSpawn 12-28-2013 06:32 AM

Please post your thread once and in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. This thread is being closed because it is a duplicate of https://www.linuxquestions.org/quest...ox-4175488966/.


All times are GMT -5. The time now is 01:21 PM.