Bug 57303
| Summary: | getting into root w/o password | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | james Tate <mickeyboa> |
| Component: | lilo | Assignee: | Doug Ledford <dledford> |
| Status: | CLOSED NOTABUG | QA Contact: | Brock Organ <borgan> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | 7.2 | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2001-12-09 13:35:23 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
james Tate
2001-12-09 13:35:19 UTC
This is, in fact, the expected behaviour. In fact, you don't even have to do the su step above, at the first prompt you were already root. If you want to protect your machine from this then you have to put a password on lilo to keep people from booting the machine into single user mode. The reason that the default setup leaves this open is because a person can't do this without having physical access to the machine during the boot process, and if they have physical access to the machine then all the rest of your security measures are moot. So, instead of making like difficult for people that have physical access to the machine, this is in fact a handy recovery tool when you have forgotten your root password. Using this exact technique, you can change the root password to something new in those situations when you otherwise couldn't get into the machine with root priveledges. |