[ale] Trivial Breakin to RH-4.0 -- What's happening?

Chris Ricker gt1355b at prism.gatech.edu
Thu Dec 12 18:29:58 EST 1996


On Thu, 12 Dec 1996, John M. Mills wrote:

> 
> 1. reboot the system
> 2. at 'LILO:' prompt, boot as 'linux 1'
> 3. at 'login:' prompt, _start_ to enter a username( 'ro'), and:
> 
> VOILA -- I am at root permission in bash -- no login, no password!!!
> Maybe I didn't even have to type at (3) -- I didn't try just waiting.
> 
> The kernel is 2.0.18.
> 
> What's happening, and more important, how can it be controlled?  I don't think
> "there's no security when the computer is physically accessible" is quite
> the answer -- at least I would expect an intruder to need some kind of
> diskette!

What's happening is you're booting up in single-user mode, so you have
root access.  If you want to require a password for single-user mode, edit
your lilo.conf.  In the section that specifies your linux image (the part
starting out something like "image=/linux", as I gather you have yours set
up), add two lines: 

password=<something you won't forget here>
restricted

Save, run lilo, and reboot.  Now, you'll have to enter a password whenever
you pass command-line options to linux ("linux" at the lilo prompt won't
require a password; "linux 1" or "linux cdu31a_irq=10", for example,
will).  If you want to always have a password, take out the restricted
line.

Turning off boot/seek from floppy, adding password to lilo, and removing
the <ctrl>-<alt>-<del> trap are about all you can do to protect it from
console attack (though people who have physical access can always just
pull the plug ;-).

later,
chris

--
Chris Ricker                                   gt1355b at prism.gatech.edu

"All the world's a stage and most of us are desperately unrehearsed."
              -- Sean O'Casey






More information about the Ale mailing list