Red Hat Bugzilla – Bug 8390
root gained without password
Last modified: 2014-03-16 22:12:00 EDT
In many other distributions, when the system is started in single user
state or dropped to single user because of file system problems requiring
manual correction, the user is presented with login to provide the root
password before gaining root access to the system. While root access can
be gained via recovery diskettes, a problem exists in the SysV scripts for
initstate 1 in that if linux is started from the LILO prompt thus:
LILO: linux 1
the system will boot into single user state with root shell prompt and no
need for any other tools!
You can do the same thing with 'linux init=/bin/bash'.
Without restricting lilo (look at the password options),
restricting 'linux single' is somewhat pointless.
I have to admit that's one thing I would like to see changed, preferably so it
works along the lines of the following logic:
1. At the moment, the "password=" line specifies the password to use. I
would prefer to see this replaced with a "user=" line specifying the
user whose password is to be used.
2. When `lilo` is run and sees a "user=" line, it asks the user running
it for a password and validates it against the login password of the
specified user, aborting if they don't match.
3. If the password matches, lilo stores an encrypted version thereof in
the relevant boot sector as part of its duties, and it is this that
is used during system boot if a password is required.
Apart from anything else, this would remove a security risk from Linux.