[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Down goes Linux Security!



The hole you've described is easily plugged.  Here's one even more
difficult to handle (unless you use an encrypted filesystem):

Open the computer, take out the hard disk, change the jumper settings,
install it as secondary in another Linux system and mount all the
partitions.  Voila!  Root shells for the taking!

The moral of the story is that it is virtually impossible to secure
your computer against people who have physical access to it.  Not that
it's particularly easy to secure it against remote access either, but
definitely easier.

Ah, and as far as your problem goes, man lilo.  Give special attention
to the restricted and password commands.

Regards,

-- Raju

>>>>> "Saurabh" == metalmaniac  <metalmaniac@xxxxxxxxxxxx> writes:

    Saurabh> Hey guys, I may have found a security hole!!  Yesterday I
    Saurabh> was going through the BootPrompt HOWTO.  I have LILO
    Saurabh> installed for booting into Linux or Win95.  Just pass the
    Saurabh> option "init=/bin/sh" to the kernel, and presto! after
    Saurabh> the boot is complete you are dropped into the shell with
    Saurabh> *root* priveleges.  One thing though the root file system
    Saurabh> is mounted read-only. but no problem, just issue the
    Saurabh> command : mount -o remount,rw /dev/hda2 and hey! you just
    Saurabh> have total control over the file system as root.  What
    Saurabh> the hell is this! anyone can also boot from a floppy and
    Saurabh> mount the hard drive and create havoc!!!  is there a way
    Saurabh> out?  I have given my brother & myself simple user
    Saurabh> accounts.  only I know the root password, so he can't
    Saurabh> sneak into my home dir and see my personal files. but
    Saurabh> this way he may even change/delete them.  and I thought
    Saurabh> Linux was the most secure system around!!  any answers?
    Saurabh> Saurabh nanda