Bug 3045 - Installer gives root access to existing Linux installation
Installer gives root access to existing Linux installation
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: installer (Show other bugs)
6.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-05-25 13:13 EDT by michael
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-05-25 13:56:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description michael 1999-05-25 13:13:42 EDT
I have a Win95/Linux system and I discovered purely by
accident a security bug in the installer that gives you root
access to an existing Linux installation.  If you run the
installer (from autoboot.bat) up to the point where it gives
you a choice between installing a new system and upgrading,
you can get root access by switching to vitrual terminal 2.
 It's already logged in at a bash prompt there.
Comment 1 David Lawrence 1999-05-25 13:56:59 EDT
That is normal. Just dont let someone run the installation on your
personal system if you have sensitive information. You dont even have
to run the installation to get root access on a machine if they have
direct access to the server. That is why most sensitive servers are
kept in a locked room or closet.

Note You need to log in before you can comment on or make changes to this bug.