Bug 3045

Summary: Installer gives root access to existing Linux installation
Product: [Retired] Red Hat Linux Reporter: michael
Component: installerAssignee: David Lawrence <dkl>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.0   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-05-25 17:56:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description michael 1999-05-25 17:13:42 UTC 
I have a Win95/Linux system and I discovered purely by
accident a security bug in the installer that gives you root
access to an existing Linux installation.  If you run the
installer (from autoboot.bat) up to the point where it gives
you a choice between installing a new system and upgrading,
you can get root access by switching to vitrual terminal 2.
 It's already logged in at a bash prompt there.
Comment 1 David Lawrence 1999-05-25 17:56:59 UTC 
That is normal. Just dont let someone run the installation on your
personal system if you have sensitive information. You dont even have
to run the installation to get root access on a machine if they have
direct access to the server. That is why most sensitive servers are
kept in a locked room or closet.