Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 5265 - becoming root without knowing root password
Summary: becoming root without knowing root password
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: lilo
Version: 6.0
Hardware: i386
OS: Linux
high
medium
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
URL:
Whiteboard:
: 5287 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-09-21 09:26 UTC by rquast
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 1999-09-21 14:51:12 UTC


Attachments (Terms of Use)

Description rquast 1999-09-21 09:26:56 UTC
RedHat Linux 6.0 allows to boot in single user mode (and
become root) without asking for the root password.

Comment 1 Bill Nottingham 1999-09-21 14:51:59 UTC
and you can do the same thing with linux init=/bin/bash.
Therefore, we won't change the 'linux single' behavior.

Comment 2 Bill Nottingham 1999-09-21 22:10:59 UTC
*** Bug 5287 has been marked as a duplicate of this bug. ***

Are you aware that when the computer is sitting at the lilo:
prompt and you type 'linux 1', when it boots to single user,
you can use the passwd utility to change the root password
without knowing the root password!

I don't know if this is a bug or if this is supposed to be
this way.  It just seems like it is not real secure.

Comment 3 asosin 2000-03-16 18:26:59 UTC
I don't understand why this is marked as resolved.  This is a major security
problem.  On the Server this may not be an issue, but in a desktop environment
if a user knows how to type :   linux init=/bin/bash
or some other command like that, this will allow them root or God access.
 Is there some way to prompt a user for root password every time they type
something in, but if they use the menu option "tab" then no password is required
?


Note You need to log in before you can comment on or make changes to this bug.