Bug 81106 - REDHAT LINUX 8.0 Login Security Breach!!!
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: bash
Version: 8.0
Hardware: i586 Linux
Priority: high
Severity: medium
Assigned To: Tim Waugh
QA Contact: Ben Levenson
Keywords: Security
Reported: 2003-01-04 15:50 EST by Paulo Santos
Modified: 2007-03-26 23:59 EDT
Doc Type: Bug Fix
Last Closed: 2003-01-04 16:24:16 EST

Description Paulo Santos 2003-01-04 15:50:53 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Description of problem:
A few days ago... 3 or 4, I found out that when I start my system in single
user mode, by passing the command "linux telinit 1" at the lilo boot prompt, the
system, after the boot sequence, goes directly to the bash command line without
requiring authentication of any user first. That way I gain full access to the
system, with full root privileges. I think it is a severe security breach,
because any user with malevolent intentions can gain full access to the system
and become its owner.

I'm using Redhat 8.0 on an Intel Celeron 266 MHz (Covington processor)
with lilo as a bootloader for a dual-boot system.
I'm registered at RHN and my system is up to date!

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. I do Ctrl+X at the lilo boot screen to get to the lilo command line

2. Then I type:
lilo: linux telinit 1

Actual Results:  3. After the boot process the system goes directly to the bash
command line with root privileges!!!

Expected Results:  I would expect the system to go to the login screen and wait
for a user to authenticate and log into the system after that

Additional info:
I've posted this bug to this component but I think it is a systemwide security
bug, as I could not find any related component more appropriate
Comment 1 Tim Waugh 2003-01-04 16:24:16 EST
You forgot to set a LILO password.
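
A check for the condition Comment 1 points at, as an added example that is not part of the original bug thread: it reads a lilo.conf and reports every image that can be booted with typed parameters and no password, plus a config file that stores `password=` in cleartext without being owner-only. The function names, sample file contents and the placeholder password are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the bug thread): flag lilo.conf images that boot with
# typed parameters such as "linux telinit 1" without any password.
audit_lilo_conf() {
    conf=$1; rc=0
    # Pass 1: an image with no global or per-image password= is unprotected.
    out=$(awk '
        function report() { if (insec && !pw) print "UNPROTECTED: " name }
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }  # drop comments, trim
        $0 == "" { next }
        /^(image|other)[ \t]*=/ { report(); name = $0; insec = 1; pw = gpw; next }
        /^password[ \t]*=/      { if (insec) pw = 1; else gpw = 1; next }
        /^bypass$/              { if (insec) pw = 0; next }  # opts out of global password
        END { report() }
    ' "$conf")
    if [ -n "$out" ]; then printf '%s\n' "$out"; rc=1; fi
    # Pass 2: password= is stored in cleartext, so the file must be owner-only.
    if grep -Eq '^[[:space:]]*password[[:space:]]*=' "$conf" &&
       [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
        printf 'READABLE: %s contains a password but is not mode 600\n' "$conf"
        rc=1
    fi
    return $rc
}

# Constructed samples: image path, label, root device and password are made up.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
prompt
image=/boot/vmlinuz-example
    label=linux
    root=/dev/hda2
EOF
    cat > "$1/hardened.conf" <<'EOF'
password=CHANGE-ME   # constructed placeholder
restricted           # ask for the password only when parameters are typed
prompt
image=/boot/vmlinuz-example
    label=linux
    root=/dev/hda2
EOF
    chmod 644 "$1/weak.conf"; chmod 600 "$1/hardened.conf"
}

d=$(mktemp -d) && write_samples "$d"
for f in "$d/weak.conf" "$d/hardened.conf"; do
    audit_lilo_conf "$f" && echo "OK: $f"
done
rm -rf "$d"
```

After changing the real /etc/lilo.conf, rerun /sbin/lilo so the new settings are written to the boot map.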
