LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-20-2005, 06:46 PM   #1
carcassonne
Member
 
Registered: Jul 2005
Distribution: Fedora6 x86_64
Posts: 118

Rep: Reputation: 15
Disabling single user when booting


Hi all,

It is possible to 'trick' the normal booting sequence (when using lilo) and get a boot prompt asking mor eor less what to do. And then, at this boot prompt it is possible to say to run /bin/bash/ after booting the kernel thus evading all kind of user name and password queries. Once this is done the malicious user can change passwords, etc...

Can we disable this 'feature' ?

Thanks a lot for any suggestions !
 
Old 07-20-2005, 09:39 PM   #2
spoore
LQ Newbie
 
Registered: Aug 2004
Posts: 23

Rep: Reputation: 2
It's possible (I think) to a certain extent but you will lose recoverability. You can adjust the settings in the inittab and redirect those runlevels to whatever runlevel you want. I believe this will change how a single user boot functions but I've never actually done it before. You'd have to test it.

If this is really a security problem for you, this won't really fix the real issue. The culprit could easily boot from floppy/cd and adjust those settings as well as anything else on your machine. That is unless you're using bios passwords and/or encrypted file systems.

Now from a lilo perspective, I think it just passes the run level and the init process determines what level to run at. I'm not sure though. I'd still say test the inittab settings for single user if you can. There may be a way to set single user mode to request root's password the way some Solaris single user boots do. That may be something to search for as well.

Scott
 
Old 07-20-2005, 09:50 PM   #3
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
with lilo, you may password protect the boot prompt.. You must set
restricted
password=""
in your boot partition/s

See lilo(8)
 
Old 07-21-2005, 09:30 AM   #4
broch
Member
 
Registered: Feb 2005
Distribution: Slackware-current 64bit
Posts: 465

Rep: Reputation: 32
Quote:
with lilo, you may password protect the boot prompt..
and next use Knopix CD and your password is worthless (It is easy to reset password if one has physical access to your computer)
 
Old 07-21-2005, 12:27 PM   #5
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
Quote:
Originally posted by broch
and next use Knopix CD and your password is worthless (It is easy to reset password if one has physical access to your computer)
Of course, you must password-protect your bios too, after setting the boot sequence to your hard drive always 1st
 
Old 07-21-2005, 01:13 PM   #6
broch
Member
 
Registered: Feb 2005
Distribution: Slackware-current 64bit
Posts: 465

Rep: Reputation: 32
Quote:
Of course, you must password-protect your bios too, after setting the boot sequence to your hard drive always 1st
Yeah, open box, remove battery for a minute or so, put battery back and boot up from Knopix. If there is physical access all to the box it is impossible to fully ptotect it. Use separate logins to protect individual users, but if someone want to get to your box without permission and has physical access you may be in trouble.
 
Old 07-21-2005, 02:55 PM   #7
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
Quote:
Originally posted by broch
Yeah, open box, remove battery for a minute or so, put battery back and boot up from Knopix. If there is physical access all to the box it is impossible to fully ptotect it. Use separate logins to protect individual users, but if someone want to get to your box without permission and has physical access you may be in trouble.

This has been discussed countless of times. Everyone with physical access may do many things at will. Anyway, you can protect your sensitive data encrypting your hard drive (for laptop users it's a must)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Preventing Linux from booting in Single User Mode LinuxSeeker Linux - Security 8 08-28-2009 07:12 AM
Booting into Single User on MDK 9 asks for root password instead of booting into root acadcworks Linux - General 6 01-10-2006 06:51 AM
single user mode while booting ravikumarG AIX 4 08-17-2005 01:57 AM
user interaction disabling? dafri Linux - General 2 07-20-2003 05:39 AM
Apache user and disabling shell dai Linux - Security 2 07-02-2003 03:36 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:52 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration