Bug 5265 - becoming root without knowing root password
Summary: becoming root without knowing root password
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: lilo
Version: 6.0
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
Duplicates: 5287
Depends On:
Reported: 1999-09-21 09:26 UTC by rquast
Modified: 2008-05-01 15:37 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 1999-09-21 14:51:12 UTC


Description rquast 1999-09-21 09:26:56 UTC
Red Hat Linux 6.0 allows booting into single-user mode (and
becoming root) without asking for the root password.

Comment 1 Bill Nottingham 1999-09-21 14:51:59 UTC
And you can do the same thing with linux init=/bin/bash.
Therefore, we won't change the 'linux single' behavior.

Comment 2 Bill Nottingham 1999-09-21 22:10:59 UTC
*** Bug 5287 has been marked as a duplicate of this bug. ***

Are you aware that when the computer is sitting at the lilo:
prompt and you type 'linux 1', when it boots to single user,
you can use the passwd utility to change the root password
without knowing the root password!

I don't know if this is a bug or if this is supposed to be
this way.  It just seems like it is not real secure.

Comment 3 asosin 2000-03-16 18:26:59 UTC
I don't understand why this is marked as resolved.  This is a major security
problem.  On the Server this may not be an issue, but in a desktop environment
if a user knows how to type: linux init=/bin/bash
or some other command like that, this will allow them root or God access.
Is there some way to prompt a user for root password every time they type
something in, but if they use the menu option "tab" then no password is required?
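
Added example (not part of the bug report or its comments): LILO's `password=` and `restricted` options in /etc/lilo.conf give the behaviour asked about in Comment 3, a password prompt only when parameters such as `single` or `init=/bin/bash` are typed at the `lilo:` prompt. The sketch below audits a configuration for entries that lack that protection; the sample file, the labels and the function names `parse` and `audit` are constructed for illustration.

```python
# Constructed sample lilo.conf: three entries, three protection levels.
SAMPLE = """\
prompt
timeout=50
image=/boot/vmlinuz
    label=linux
image=/boot/vmlinuz
    label=desktop
    password=PLACEHOLDER
    restricted
image=/boot/vmlinuz
    label=rescue
    password=PLACEHOLDER
"""

def parse(text):
    """Split lilo.conf text into global options and per-image sections."""
    global_opts, images = {}, []
    current = global_opts
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip().strip('"')
        if key in ("image", "other"):         # starts a new boot entry
            current = {}
            images.append(current)
        current[key] = value
    return global_opts, images

def audit(text):
    """Map each boot label to 'open', 'restricted' or 'locked'."""
    global_opts, images = parse(text)
    result = {}
    for img in images:
        label = img.get("label") or img.get("image") or img.get("other")
        # Global password/restricted apply to every entry.
        has_password = "password" in img or "password" in global_opts
        restricted = "restricted" in img or "restricted" in global_opts
        if not has_password:
            result[label] = "open"        # typed parameters accepted from anyone
        elif restricted:
            result[label] = "restricted"  # password only when parameters are typed
        else:
            result[label] = "locked"      # password for every boot of the entry
    return result

if __name__ == "__main__":
    print(audit(SAMPLE))
```

lilo.conf stores the password in clear text, so the file should be readable by root only, and /sbin/lilo has to be rerun after editing it for the change to take effect.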
