[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]
Down goes Linux Security!
The hole you've described is easily plugged. Here's one even more
difficult to handle (unless you use an encrypted filesystem):
Open the computer, take out the hard disk, change the jumper settings,
install it as secondary in another Linux system and mount all the
partitions. Voila! Root shells for the taking!
The moral of the story is that it is virtually impossible to secure
your computer against people who have physical access to it. Not that
it's particularly easy to secure it against remote access either, but
Ah, and as far as your problem goes, man lilo. Give special attention
to the restricted and password commands.
>>>>> "Saurabh" == metalmaniac <metalmaniac@xxxxxxxxxxxx> writes:
Saurabh> Hey guys, I may have found a security hole!! Yesterday I
Saurabh> was going through the BootPrompt HOWTO. I have LILO
Saurabh> installed for booting into Linux or Win95. Just pass the
Saurabh> option "init=/bin/sh" to the kernel, and presto! after
Saurabh> the boot is complete you are dropped into the shell with
Saurabh> *root* priveleges. One thing though the root file system
Saurabh> is mounted read-only. but no problem, just issue the
Saurabh> command : mount -o remount,rw /dev/hda2 and hey! you just
Saurabh> have total control over the file system as root. What
Saurabh> the hell is this! anyone can also boot from a floppy and
Saurabh> mount the hard drive and create havoc!!! is there a way
Saurabh> out? I have given my brother & myself simple user
Saurabh> accounts. only I know the root password, so he can't
Saurabh> sneak into my home dir and see my personal files. but
Saurabh> this way he may even change/delete them. and I thought
Saurabh> Linux was the most secure system around!! any answers?
Saurabh> Saurabh nanda