Red Hat Bugzilla – Bug 81106
REDHAT LINUX 8.0 Login Security Breach!!!
Last modified: 2007-03-26 23:59:44 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003
Description of problem:
A few days ago... 3 or 4, i've found out that when i start my system on single
user mode, by passing the command "linux telinit 1" on lilo boot prompt, the
system, after the boot sequence, goes directly to the bash command line without
no required authentication of any user first.That way i gain full access to the
system, with full root privileges.I think it is a severe security breach,
because any user with malevolous intentions can gain full access to the system
and become it's owner.
I'm using Redhat 8.0 on an Intel celeron 266 Mhz (covington processor)
with lilo as a bootloader for a dualboot system.
I'm registered at RNH and my system is up to date!
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.i do ctrl+x at lilo boot screen to get to the lilo command line
2.then i type:
lilo: linux telinit 1
Actual Results: 3.After the boot process the system goes directly to the bash
command line with root previleges!!!
Expected Results: i would expect the system to go to the login screen and wait
for a user to authenticate and log into the system after that
I've posted this bug to this componnent but i think it is a systemwide security
bug, as i could not find any related componnent more apropriate
You forgot to set a LILO password.