Bug 10265 - Specifying an init program poses security risk in Linux.
Specifying an init program poses security risk in Linux.
Status: CLOSED WORKSFORME
Product: Red Hat Linux
Classification: Retired
Component: lilo (Show other bugs)
6.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Michael K. Johnson
: Security
: 10370 10822 10921 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-03-20 11:43 EST by asosin
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-12-10 02:04:36 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description asosin 2000-03-20 11:43:48 EST
I have a dual boot system Linux + NT, thus the system is using the NTLDR.
This is giving me a lot of trouble in terms of security.

 There are three problems:

 1.  I boot into Linux using single user mode and you can change the root
password.  I have resolved this
 now by adding the following line to the /etc/inittab  file
~~:S:wait:/sbin/sulogin

 2.  A user can specify an alternate init program, as an example
 try typing this in          linux init=/bin/bash

 This will get me into the root shell immediately.  Which is a very serious
problem.  In fact even adding the lines to
 /etc/lilo.conf    will not help due to the fact that this is a dual boot
machine.  However works fine on a regular Linux RedHat system.

 restricted
 password=thisisthepassword

Also the lilo.conf is readable/writable by root only !

 3.  Specifying an alternate root partition can also be problematic, but
can be worked around restricting certain files only to root and read access
to the rest of the users.  However a system with a seperate
 filesystem with /tmp *filesystem* could still be vulnerable.


 My greates problem is how to eliminate number "2", is there anyone who has
seen this before and can provide me with a solution.

 The alternative would be a boot loader that would prompt a user for a
password if there is any typing done, if the tab is not used to select an
option.  Does anyone know of such a boot loader, and where to
 find it ?

Here is my Lilo.conf in the hope that it will help in the solution.
Comment 1 asosin 2000-03-20 15:25:59 EST
"Lilo.conf"

boot=/dev/hda5
delay=50
map=/boot/map
install=/boot/boot.b
prompt
timeout=40
image=/boot/vmlinuz-2.
	label=linux
	root=/dev/hda5
	read-only
	password=1231a11a
	restricted
Comment 2 Bill Nottingham 2000-04-05 10:49:59 EDT
*** Bug 10370 has been marked as a duplicate of this bug. ****** Bug 10370 has been marked as a duplicate of this bug. ***
Comment 3 Bill Nottingham 2000-04-05 10:50:59 EDT
This works fine for me: if I add 'restricted', and some password,
I can still chose a different boot choice, but any arguments
to a linux boot still ask for the password.
Comment 4 dingof 2000-04-06 10:56:59 EDT
Yes it works fine only when you are running Linux, however have you tried this
with a dual boot computer ?   Thus (NT + Linux) and then try specifying the
command above ?

If it works for you with this type of environment, please specify exactly what
you have done to resolve this issue since I tried this on 7 different computers
now, and it doesn't work for us.
Comment 5 asosin 2000-04-10 15:24:59 EDT
Have you attempted to test this, when both LINUX and NT are installed   ?

This is what I explicitly pointed out as being the key in this
BUG.  Please read the post again if you don't understand it.
If you need further clerification e-mail me and I will be glad to
make it even more cristal clear.
Comment 6 Bill Nottingham 2000-04-14 17:02:59 EDT
*** Bug 10822 has been marked as a duplicate of this bug. ***
Comment 7 Bill Nottingham 2000-04-19 16:54:59 EDT
*** Bug 10921 has been marked as a duplicate of this bug. ***
Comment 8 dingof 2000-05-01 13:55:59 EDT
With a response time of 2 month, it's no wonder Linux has so many bugs.
Comment 9 dingof 2000-05-25 12:03:59 EDT
No anwer yet, great.  I expected a late response, but no
response means you don't have a clue how to solve the issue.  Oh well.
Comment 10 Perry Harrington 2000-12-10 02:04:34 EST
The only way that I have found to work correctly with NT is this:

fdisk drive
install NT on paritions set aside for it
Install linux on whatever partitions set aside for it
Install lilo on first sector of linux parition
use fdisk to mark the linux partition as the 'bootable' one.

This uses NT's default MBR code to load the BR from the linux parition, which
contains LILO.  LILO chains to the NT loader when booting NT, making NT happy.

This should allow correct passwording of the LILO command line.

Note You need to log in before you can comment on or make changes to this bug.