Bug 9803 - Sulogin bypass
Sulogin bypass
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: SysVinit (Show other bugs)
6.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-02-26 05:47 EST by Panos Kavalagios
Modified: 2014-03-16 22:12 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-04-18 13:17:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Panos Kavalagios 2000-02-26 05:47:53 EST
Hello,

   When you start all Red Hat Linux versions with "linux single" or "linux
S" or "linux S" or "linux 1" to boot into a single user mode, you get a
nice root prompt. I used to overcome this security issue, with the
following line in /etc/inittab:

lS:Ss:wait:/sbin/sulogin

and every time the system entered in single user mode (except runlevel 1,
which I had to put the sulogin as the last command in
/etc/rc.d/init.d/single) it prompted for a root password or <ctrl>-D for a
normal startup. To my surprise, I discovered that pressing a simple
<ctrl>-C in the password prompt of sulogin program, it gives you a root
prompt again! This is an undesirable result and I would suggest to be
fixed as soon as possible.

   Thank you very much in advance.

King Regards,
Panos Kavalagios

P.S. According to /etc/rc.d/rc.sysinit, sulogin runs after an fsck failure,
which is really no need since a root bash prompt can be obtained so easily.
Comment 1 Bill Nottingham 2000-04-18 13:17:59 EDT
Fixed in SysVinit-2.78-6 - thanks for the bug report.

Note You need to log in before you can comment on or make changes to this bug.