LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Is this a Linux security flaw ?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-08-2002, 03:22 PM   #1
josedsilva
LQ Newbie
 
Registered: Apr 2002
Location: Goa, India.
Posts: 23

Rep: Reputation: 15
Red face Is this a Linux security flaw ?

Hi,
If I press Ctrl+X at the LILO prompt during bootup and type this string at the boot prompt:
"linux init s"
where "linux" is the boot partition label, I enter into single user mode. The security glitch is that anybody can type passwd at the shell prompt and Linux promptly allows the root password to be changed. Is this a strength or a weakness of Linux?
Can I disable this feature?
 
Old 05-08-2002, 04:11 PM   #2
DMR
Member
 
Registered: Jun 2001
Location: Fairfax, California
Distribution: RH 9.0, RH 7.3, Mandrake 8.0
Posts: 986

Rep: Reputation: 30
There are a lot of aspects of a default configuration that could be considered security holes, and what you're describing is certainly one of the more well-known. The key word is default though, because the system admin can close the hole you describe by modifying the bootloader's config file and mucking around with a few file attributes.
Some have also argued the exploit you describe can be considered kind of moot, because someone attempting to crack your system in that way has to have physical access to the system. If they do have physical access to your box, what's to stop them from just removing your hard drive and putting it in another computer (which would bypass the bootloader altogether)?


- just my $0.02...

<edit> Instructions for securing Lilo (and more) </edit>
Last edited by DMR; 05-08-2002 at 04:17 PM.
 
Old 05-20-2002, 05:22 AM   #3
jayakrishnan
Member
 
Registered: Feb 2002
Location: India
Distribution: Slacky 12.1, XP
Posts: 992

Rep: Reputation: 30
add the word
restricted
to lilo.conf
and rerun lilo
 
Old 05-24-2002, 12:03 AM   #4
5amYan
Member
 
Registered: Apr 2002
Location: The District
Distribution: FreeBSD, OBSD maybe Gentoo and Winblech XP
Posts: 291

Rep: Reputation: 30
get grubby
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Mozilla Linux Command Line URL Parsing Security Flaw Reported win32sux Linux - Security 9 10-06-2005 06:39 AM
firefox 1.0.6 - critical security flaw slackhack Linux - Security 3 09-23-2005 01:13 AM
News: Spoofing Is a Security Flaw ?? m_shroom Linux - Security 1 11-05-2004 08:57 PM
New Win XP Security Flaw ranger_nemo Linux - Security 9 02-25-2003 06:58 AM
Flaw weakens Linux security software nikhiljosh Linux - Security 0 03-03-2002 04:20 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:11 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration