Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Slackware This Forum is for the discussion of Slackware Linux.


  Search this Thread
Old 08-12-2003, 08:38 PM   #1
Senior Member
Registered: Jan 2003
Location: Malaysia
Distribution: Fedora Core, Slackware, Mac OS X, Debian, OpenSUSE
Posts: 1,210
Blog Entries: 4

Rep: Reputation: 45
Cool security hole or convenience?

Some one can gain root access to your computer if he or she have a Slackware disk.

This is what I did (to my own computer):
1. boot up into Slackware 9 Installation disk.
2. let it boot the kernel on cd-rom.
3. mount the / partition (hard disk) on somewhere such as /mnt/root
4. chroot /mnt/root

and here you go.. you have root access to the machine already (in 4 easy steps).

It is very useful if you forgot your root password I guess.
hehehe And also if you screw up your kernel and want to go in and do some repairing. But it is also dangerous.
Old 08-12-2003, 09:21 PM   #2
LQ Guru
Registered: Mar 2003
Location: New Jersey
Distribution: Arch Linux
Posts: 1,445

Rep: Reputation: 46
Linux is very safe as a server. Which means remote people getting into it.

If stangers can get physical access to your machine, you have other security issues. Many cases come with Drive locks now as well.

So I consider it a convenience.
Old 08-12-2003, 09:25 PM   #3
Registered: Jan 2003
Location: Sudbury Ontario, Canada
Distribution: Slackware
Posts: 388

Rep: Reputation: 30
well, I dought alot of admins who run linux on servers and/or public access will allow regular users to mount anything. Maybe floppy and cdrom, but that would be it. As for mounting partitions, I dought it.

Old 08-13-2003, 03:07 AM   #4
LQ Newbie
Registered: May 2003
Location: In front of the monitor
Posts: 16

Rep: Reputation: 0
This is normal operation and in some ways a convenience.

The first rule to ANY computer security is to restrict physical access to the machine unless there is no other choice. If it's a public machine:

1. Remove/secure the CD drive so they can't load programs
2. Remove/secure the floppy drive so they can't load programs
3. Cover/Lock the front panel so they can't press reset
4. Cover/Lock the front panel so they can't press power
5. Secure the power cord so they can't yank it
6. Secure the case so they can't open it
7. Cover/secure the USB ports so they can't load programs
8. Cover/secure the serial ports so they can't load programs
9. Cover/secure the parallel port so they can't load programs

You get the idea. I don't care what computer or OS it is, you give me unrestricted physical access to the machine, and I WILL have the whole cookie jar

So you need to lock that machine in a room or secure it from physical tampering in some way if you think there is a chance that someone you don't want to mess with the machine gets to it.

Last edited by bobtmasse; 08-13-2003 at 03:09 AM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
find security hole... os2 Linux - Security 5 10-13-2005 11:16 PM
check the security hole ust Linux - Security 6 09-10-2004 05:42 PM
panther security hole??? feetyouwell General 5 04-19-2004 10:03 AM
Security Hole -Samba dvong3 Linux - Security 1 03-21-2003 02:38 PM
Security Hole in PHP 4.3.0 Crashed_Again Linux - Security 1 03-01-2003 03:29 PM > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 12:03 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration