LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
 
Search this Thread
Old 12-23-2013, 01:01 PM   #1
lordadamson
Member
 
Registered: Nov 2013
Location: Egypt
Distribution: Fedora
Posts: 32

Rep: Reputation: Disabled
Loop hole in slackware 14 run on virtualbox


I installed slackware 14 on virtualbox just playing around and testing different distros.

I found that I have to issue startx command everytime I log in to get KDE started up.

so I went to /etc/rc.d/rc.local

I added a path to a script that only contain "startx".

I rebooted the VM to test if that will work. and it did work, but lo, behold! once the system started, KDE started and I was logged in as root without having to provide a password!

isn't that a loophole? or am I missing something?
 
Old 12-23-2013, 01:10 PM   #2
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1}
Posts: 2,457

Rep: Reputation: 1036Reputation: 1036Reputation: 1036Reputation: 1036Reputation: 1036Reputation: 1036Reputation: 1036Reputation: 1036
Quote:
Originally Posted by lordadamson View Post
isn't that a loophole? or am I missing something?
Yep, missing a little something!

Slackware boots to console, runlevel 3 by default.

Change the default runlevel to 4 in /etc/inittab to default to graphical login and start X.
 
Old 12-23-2013, 01:22 PM   #3
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1}
Posts: 2,457

Rep: Reputation: 1036Reputation: 1036Reputation: 1036Reputation: 1036Reputation: 1036Reputation: 1036Reputation: 1036Reputation: 1036
Per your other thread here, starting X from the rc.local script will indeed start it as root - don't do that!

You should read the various README's and TXT files that come with Slackware, and I would also point you to any number of online resources for understanding the GNU/Linux boot process. This would be a good place to start, and this will address this specific configuration.

Good luck!

Last edited by astrogeek; 12-23-2013 at 01:23 PM.
 
  


Reply

Tags
kde, security, slackware, startx, vulnerability


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Mounting a VirtualBox drive image (vdi) without specifying a loop device frikdt Linux - Virtualization and Cloud 2 02-03-2013 11:34 AM
[SOLVED] Installing VirtualBox*.run * Oracle*.run on Slackware 14 - Help/Information lkraemer Slackware 3 10-09-2012 09:08 AM
Move Slackware guest from a Slackware hosted Virtualbox to Windows hosted Virtualbox? damgar Slackware 1 08-07-2012 11:28 PM
Installed Virtualbox OSE in Slackware 12.2, but not able to run or setup network. pcsmasher Slackware 3 07-01-2009 02:07 AM
which one is a common Security loop hole palanisaravanan Linux - Security 5 04-26-2004 05:01 PM


All times are GMT -5. The time now is 08:31 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration