[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Down goes Linux Security!

Hey guys,
I may have found a security hole!!
Yesterday I was going through the BootPrompt HOWTO.
I have LILO installed for booting into Linux or Win95.
Just pass the option "init=/bin/sh" to the kernel, and presto! after the boot is complete you are dropped into the shell with *root* priveleges.
One thing though the root file system is mounted read-only. but no problem, just issue the command : mount -o remount,rw /dev/hda2 and hey! you just have total control over the file system as root.
What the hell is this! anyone can also boot from a floppy and mount the hard drive and create havoc!!!
is there a way out?
I have given my brother & myself simple user accounts.
only I know the root password, so he can't sneak into my home dir and see my personal files. but this way he may even change/delete them.
and I thought Linux was the most secure system around!!
any answers?
Saurabh nanda

123India.com - India's Premier Portal 
Get your Free Email Account at http://www.123india.com