By default there are at list 3 ways to boot into Redhat Linux with root rights but without password by passing via lilo parameters to the kernel: linux s linux init=/bin/bash linux root=/dev/fd0 If somebody thinks it is OK, then what the root password is for ? Why not BY DEFAULT add option to lilo.conf which would disable passing ANY options to kernel. , or worse, ask about lilo password during installation informing that it's storing is insecure and doing chmod 600 /etc/lilo.conf You see, many people install Redhat , time is passing, but they still don't know about this stupid vulnerability. Caldera and Suse ask for root password when booting into single mode. It is easy to add some features to installation CD, so that those who forgot there root password and don't know what to do could just boot from CD, answer "yes" to a question about automatic mounting of all founded ext2 partitions,.... - no need to keep default vulnerability because of such people.
Read the docs, you can set a boot password in lilo.conf - "man lilo.conf", search for password.