Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 3045

Summary: Installer gives root access to existing Linux installation
Product: [Retired] Red Hat Linux Reporter: michael
Component: installerAssignee: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.0   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-05-25 17:56:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description michael 1999-05-25 17:13:42 UTC
I have a Win95/Linux system and I discovered purely by
accident a security bug in the installer that gives you root
access to an existing Linux installation.  If you run the
installer (from autoboot.bat) up to the point where it gives
you a choice between installing a new system and upgrading,
you can get root access by switching to vitrual terminal 2.
 It's already logged in at a bash prompt there.

Comment 1 David Lawrence 1999-05-25 17:56:59 UTC
That is normal. Just dont let someone run the installation on your
personal system if you have sensitive information. You dont even have
to run the installation to get root access on a machine if they have
direct access to the server. That is why most sensitive servers are
kept in a locked room or closet.