Bug 8390 - root gained without password
Summary: root gained without password
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: SysVinit
Version: 6.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2000-01-12 01:16 UTC by Steve Willoughby
Modified: 2014-03-17 02:12 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2000-01-13 16:20:35 UTC

Attachments (Terms of Use)

Description Steve Willoughby 2000-01-12 01:16:04 UTC
In many other distributions, when the system is started in single user
state or dropped to single user because of file system problems requiring
manual correction, the user is presented with login to provide the root
password before gaining root access to the system.  While root access can
be gained via recovery diskettes, a problem exists in the SysV scripts for
initstate 1 in that if linux is started from the LILO prompt thus:
LILO: linux 1
the system will boot into single user state with root shell prompt and no
need for any other tools!

Comment 1 Bill Nottingham 2000-01-13 16:20:59 UTC
You can do the same thing with 'linux init=/bin/bash'.
Without restricting lilo (look at the password options),
restricting 'linux single' is somewhat pointless.

Comment 2 Riley H Williams 2000-01-18 14:00:59 UTC
I have to admit that's one thing I would like to see changed, preferably so it
works along the lines of the following logic:

 1. At the moment, the "password=" line specifies the password to use. I
    would prefer to see this replaced with a "user=" line specifying the
    user whose password is to be used.

 2. When `lilo` is run and sees a "user=" line, it asks the user running
    it for a password and validates it against the login password of the
    specified user, aborting if they don't match.

 3. If the password matches, lilo stores an encrypted version thereof in
    the relevant boot sector as part of its duties,  and it is this that
    is used during system boot if a password is required.

Apart from anything else, this would remove a security risk from Linux.

Note You need to log in before you can comment on or make changes to this bug.