I was logged in as root without providing password
 

I installed slackware 14 on virtualbox just playing around and testing different distros.

I found that I have to issue startx command everytime I log in to get KDE started up.

so I went to /etc/rc.d/rc.local

I added a path to a script that only contain "startx".

I rebooted the VM to test if that will work. and it did work, but lo, behold! once the system started, KDE started and I was logged in as root without having to provide a password!

isn't that a loophole? or am I missing something?

[Deleted]

I believe all of your init scripts (those in /etc/rc.d) are run as root, so putting "startx" in rc.local will run X as root.

The proper way to get X to start on boot is to edit your /etc/inittab, and set the default runlevel to 4 by changing
to

This is interesting way to get root privileges :) Another way is to send to the kernel the parameter init=/bin/bash root=/dev/sda1 and then get root privileges without giving a password. If the malefactor have access to local machine, maybe only the encrypted partitions may help to save your data.
But for changing a content of rc.local needed root's privileges, and it's not a problem, and it is good.

If malefactor has access to physical console this is absolutely separate branch of security facilities, and it has own methods to prevent such problem. Malefactor can extract storage devices, create hard copy, put them back, even to care about security seals. This is not in competention of software solutions.

Please post your thread once and in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. This thread is being closed because it is a duplicate of https://www.linuxquestions.org/quest...ox-4175488966/.