Bug 57303 - getting into root w/o password
Product: Red Hat Linux
Classification: Retired
Component: lilo
i686 Linux
high Severity medium
Assigned To: Doug Ledford
Brock Organ
: Security
Reported: 2001-12-09 08:35 EST by james Tate
Modified: 2007-03-26 23:50 EDT
Last Closed: 2001-12-09 08:35:23 EST
Description james Tate 2001-12-09 08:35:19 EST
Description of Problem: I can login on Redhat 7.1 or 7.2 to root without
using password.

Version-Release number of selected component (if applicable): RH7.1, 7.2

How Reproducible:

Steps to Reproduce:
1. At dual boot window, hit ctrl x
2. At Boot: type in "Linux single"
3. sh-2.04# su
4. and to: [root@localhost /] "without having to use my root password".

Actual Results:

Expected Results:

Additional Information:
Surely this isn't a normal ?
Comment 1 Doug Ledford 2001-12-09 23:27:01 EST
This is, in fact, the expected behaviour.  In fact, you don't even have to do
the su step above, at the first prompt you were already root.  If you want to
protect your machine from this then you have to put a password on lilo to keep
people from booting the machine into single user mode.  The reason that the
default setup leaves this open is because a person can't do this without having
physical access to the machine during the boot process, and if they have
physical access to the machine then all the rest of your security measures are
moot.  So, instead of making life difficult for people that have physical access
to the machine, this is in fact a handy recovery tool when you have forgotten
your root password.  Using this exact technique, you can change the root
password to something new in those situations when you otherwise couldn't get
into the machine with root privileges.
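
A check for the mitigation Comment 1 describes, as an added example that is not part of the original bug report: it parses a lilo.conf body and reports Linux entries that can still be booted with `single` without a password. The sample file contents, the placeholder password and the function name `audit_lilo` are constructed for illustration; `password=` and `restricted` are the lilo.conf directives involved.

```python
# Constructed sample lilo.conf contents (not taken from the bug report).
SAMPLE_OPEN = """\
boot=/dev/hda
prompt
timeout=50
default=linux
image=/boot/vmlinuz
    label=linux
    root=/dev/hda2
    read-only
other=/dev/hda1
    label=dos
"""
# The same file with a global password; the value is a placeholder.
SAMPLE_LOCKED = SAMPLE_OPEN.replace(
    "prompt\n", "prompt\npassword=EXAMPLE-PLACEHOLDER\nrestricted\n")


def audit_lilo(text, mode):
    """Return findings for a lilo.conf body and its file permission bits."""
    global_keys, sections, current = set(), [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comment lines
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        key = key.lower()
        if key in ("image", "other"):          # starts a per-entry section
            current = {"kind": key, "label": value, "keys": set()}
            sections.append(current)
        elif current is None:                  # before any section: global option
            global_keys.add(key)
        else:
            current["keys"].add(key)
            if key == "label":
                current["label"] = value
    findings = []
    for sec in sections:
        # Only Linux kernel entries accept parameters such as "single".
        if sec["kind"] == "image" and "password" not in global_keys | sec["keys"]:
            findings.append(f"{sec['label']}: no password, 'single' at the "
                            "boot prompt yields a root shell")
    uses_password = "password" in global_keys or any(
        "password" in s["keys"] for s in sections)
    if uses_password and mode & 0o077:
        findings.append("lilo.conf stores the password in cleartext but is "
                        "accessible to non-root users; chmod 600 it")
    return findings
```

With `restricted`, LILO asks for the password only when parameters are typed at the boot prompt; rerun `/sbin/lilo` after editing the file so the change is installed.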
