Bug 9803 - Sulogin bypass
Summary: Sulogin bypass
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: SysVinit
Version: 6.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-02-26 10:47 UTC by Panos Kavalagios
Modified: 2014-03-17 02:12 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2000-04-18 17:17:31 UTC
Embargoed:


Attachments (Terms of Use)

Description Panos Kavalagios 2000-02-26 10:47:53 UTC
Hello,

   When you start all Red Hat Linux versions with "linux single" or "linux
S" or "linux S" or "linux 1" to boot into a single user mode, you get a
nice root prompt. I used to overcome this security issue, with the
following line in /etc/inittab:

lS:Ss:wait:/sbin/sulogin

and every time the system entered in single user mode (except runlevel 1,
which I had to put the sulogin as the last command in
/etc/rc.d/init.d/single) it prompted for a root password or <ctrl>-D for a
normal startup. To my surprise, I discovered that pressing a simple
<ctrl>-C in the password prompt of sulogin program, it gives you a root
prompt again! This is an undesirable result and I would suggest to be
fixed as soon as possible.

   Thank you very much in advance.

King Regards,
Panos Kavalagios

P.S. According to /etc/rc.d/rc.sysinit, sulogin runs after an fsck failure,
which is really no need since a root bash prompt can be obtained so easily.

Comment 1 Bill Nottingham 2000-04-18 17:17:59 UTC
Fixed in SysVinit-2.78-6 - thanks for the bug report.


Note You need to log in before you can comment on or make changes to this bug.