[ale] Trivial Breakin to RH-4.0 -- What's happening?
John M. Mills
jmills at bismarck.gtri.gatech.edu
Thu Dec 12 14:37:10 EST 1996
Hello --
I just installed RD-4.0 on my system from the "boxed set" "Offical Red Hat 4.0"
CD, and have noticed the following behavior:
1. reboot the system
2. at 'LILO:' prompt, boot as 'linux 1'
3. at 'login:' prompt, _start_ to enter a username( 'ro'), and:
VOILA -- I am at root permission in bash -- no login, no password!!!
Maybe I didn't even have to type at (3) -- I didn't try just waiting.
The kernel is 2.0.18.
What's happening, and more important, how can it be controlled? I don't think
"there's no security when the computer is physically accessible" is quite
the answer -- at least I would expect an intruder to need some kind of
diskette!
Regards --jmm--
John M. Mills, Senior Research Engineer -- john.m.mills at gtri.gatech.edu
Georgia Tech Research Institute, Georgia Tech, Atlanta, GA 30332-0834
Phone contacts: 404.894.0151 (voice), 404.894.6285 (FAX)
"Lies, Damned Lies, Statistics, and Simulations"
More information about the Ale
mailing list