Red Hat Bugzilla – Bug 3045
Installer gives root access to existing Linux installation
Last modified: 2008-05-01 11:37:50 EDT
I have a Win95/Linux system and I discovered purely by
accident a security bug in the installer that gives you root
access to an existing Linux installation. If you run the
installer (from autoboot.bat) up to the point where it gives
you a choice between installing a new system and upgrading,
you can get root access by switching to vitrual terminal 2.
It's already logged in at a bash prompt there.
That is normal. Just dont let someone run the installation on your
personal system if you have sensitive information. You dont even have
to run the installation to get root access on a machine if they have
direct access to the server. That is why most sensitive servers are
kept in a locked room or closet.