Linux Single Hole
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Linux Single Hole

  1. #1
    Senior Member
    Join Date
    Oct 2001
    Posts
    131

    Exclamation Linux Single Hole

    I am sort of new to linux but have noticed something disturbing about it.

    In a few of the manuals I have read they cover the "what if root password is lost" question. THe answer some give is to just simply re-install linux. But one said to try typing "linux single" at the lilo/grub prompt.

    I tried this and was able to type passwd root and change the root password.

    Is there a way to disable this? If not what happens if someone get in front of a major linux driven network computer and decides as a joke they will just change the root password?
    Whats a \"START\" button?
    Share on Google+

  2. #2
    Senior Member
    Join Date
    Jul 2001
    Posts
    196
    Now you have me curious

    What manual said to do that?
    Share on Google+

  3. #3
    Senior Member
    Join Date
    Aug 2001
    Posts
    170

    Arrow

    This is probably just a distribution-specific thing. Obviously some distributions like Corel and/or Mandrake probably have something like that for those that forget passwords. What distribution did you try this on?
    \"If you torture the data enough, it will confess.\" --Ronald Coase
    Share on Google+

  4. #4
    Senior Member
    Join Date
    Jul 2001
    Posts
    138

    if you use LILO

    If you are using LILO to boot, you can change the LILO conf to password protect the "linux single" boot option. Do a search for:
    linux howto lilo

    I can't remember how to do it, myself, but if you can't find it there, I will post it here when I look it up in my documentation at home. Good luck.
    Share on Google+

  5. #5
    Senior Member
    Join Date
    Sep 2001
    Posts
    118
    That's actually not really a hole.....

    Y'see, most Linux security is concerned with network-specific applications--i.e, sendmail, apache, telnet....

    The physical security of the system--because the only way to put Linux in single-user mode (Runlevel 1, as I recall....) is to be at the console--is the sysadmin's problem. Any OS is insecure if you let someone at the physical system, because then, it becomes a hardware issue.

    Keep in mind, also, that you want to make lilo.conf not readable to anyone if you have a password set. The password in lilo.conf is not encrypted in any way, shape, or form--thus, anyone who can read it will know what it is.

    The only truly secure system is one which is sealed in a lead box at the bottom of a deep ocean trench, with the power off. And even that one can be comprimised..... ;-)
    Got Root?



    This user powered by Linux.
    Share on Google+

  6. #6
    Senior Member
    Join Date
    Oct 2001
    Posts
    131

    Question what manual was it?

    I found it in a Mandrake 7.2 manual, but I have also heard a few Slackware users say it worked on their boxes.

    I didnt think that it could be "prohibited" but I was just woundering if there was a fix for it.

    Thanks for the help. Keep posting here if you find anything that may help.
    Whats a \"START\" button?
    Share on Google+

  7. #7
    Senior Member
    Join Date
    Jul 2001
    Posts
    138

    LILO config

    There are two parameters you can use to protect LILO.
    password=<password>
    and
    restricted

    To use these you need to edit your /etc/lilo.conf file.

    To restrict all images with one password:
    put password=<password> in the global section

    To restrict individual images with different passwords:
    put password=<password> under each image section

    To restrict passing parameters to LILO (ie "linux single"):
    put password=<password> at top AND place restricted under
    image sections you DON'T want to restrict being passed in.

    This is what my lilo.conf file looks like:

    # Start LILO global section
    boot = /dev/hda
    message = /boot/boot_message.txt
    prompt
    password=somepassword # sets the global password to somepassword
    timeout = 1200
    vga = normal
    # End LILO global section

    # Linux bootable partition config begins
    image = /vmlinuz
    restricted # lets me pass this in at the LILO prompt without being asked
    # for a password
    root = /dev/hda2
    label = linux
    read-only
    # Linux bootable partition config ends

    Notice the two sections commented. I can just hit enter at the lilo prompt, or i can pass in "linux" and it will boot normally without bugging me for a password. However, if I type "linux single" at the prompt, it requests the password.

    Don't forget to run the lilo command after making changes to your lilo.conf file so the new changes will be added. Also be sure to chmod 0600 your lilo.conf file so normal users can't see the password. Hope this helps and Happy Hacking!
    Share on Google+

  8. #8
    Junior Member
    Join Date
    Oct 2001
    Posts
    14

    Lightbulb this is NOT a bug

    I have RedHat and I've seen this starting with 5.1 to 7.1...i first read about it in a Naba Barkakati book "RedHat Linux Secrets" i guess. This is the way it should be.What if somebody hacks you and change your root password? ...What you can do is disable LILO so it won't ask for the OS/image you want to boot.

    CtrlAltDel
    Share on Google+

  9. #9
    Senior Member
    Join Date
    Oct 2001
    Posts
    131

    Post Graphicsl logins

    You guys have been a great help, I have also noticed that if you use a graphical boot loader (bootmagic, RedHats graphicsl loader) that you don't really have a chioce of passing arguements to lilo/grub.

    Thanks for the help guys/girls
    Whats a \"START\" button?
    Share on Google+

  10. #10
    Member
    Join Date
    Sep 2001
    Posts
    89
    If you have problems with lilo,
    you can load an active filesystem with any good bootdisk,
    just load the active filesystem, and then edit lilo.conf, run lilo, and it should be fixed.

    8trak
    F0 0F C7 C8
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides