Re: [Full-disclosure] Root password change



Trivial to defeat. Just boot into single user mode with these kernel
options:
single init=/bin/bash

Again .. only due to initial misconfiguration.

Nobody should allow alternate switches to be passed to the kernel at boot .. either by password-protecting the bootloader, or via firmware (as with OpenBoot).

/mike.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
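
One way to check for the bootloader protection described above, as an added example that is not part of the original post. It assumes GRUB 2 and its `superusers` / `password` / `password_pbkdf2` directives; `check_grub_cfg` is a hypothetical helper name and the sample configs are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Audits a GRUB 2 grub.cfg for a
# password that must be entered before kernel options such as
# "single init=/bin/bash" can be edited in at boot.

# check_grub_cfg FILE: prints findings; returns 0 if protected, 1 if not.
check_grub_cfg() {
    cfg=$1
    # "set superusers=..." limits entry editing and the GRUB command line to those users.
    users=$(sed -n 's/^[[:space:]]*set[[:space:]][[:space:]]*superusers=//p' "$cfg" |
            tail -n 1 | tr -d "\"'" | tr ',;|&' '    ')
    if [ -z "$users" ]; then
        echo "FAIL: superusers not set, boot entries are editable without a password"
        return 1
    fi
    for u in $users; do
        # Every superuser needs a password (cleartext) or password_pbkdf2 (hashed) line.
        if grep -Eq "^[[:space:]]*password_pbkdf2[[:space:]]+$u[[:space:]]" "$cfg"; then
            :   # hashed password present
        elif grep -Eq "^[[:space:]]*password[[:space:]]+$u[[:space:]]" "$cfg"; then
            echo "WARN: cleartext password for '$u', prefer password_pbkdf2"
        else
            echo "FAIL: superuser '$u' has no password line"
            return 1
        fi
    done
    # Entries marked --unrestricted boot without a password, so they must not
    # already carry single-user or init= options on their linux line.
    if awk '/^[ \t]*menuentry/ { open = /--unrestricted/ }
            open && /^[ \t]*linux/ && /[ \t](single|init=)/ { bad = 1 }
            END { exit !bad }' "$cfg"; then
        echo "FAIL: unrestricted entry already boots with single/init= options"
        return 1
    fi
    echo "OK: editing kernel options requires a superuser password"
}

# Constructed sample configs (not from any real host); the hash is a placeholder.
demo=$(mktemp -d)
printf '%s\n' 'menuentry "Linux" {' '  linux /vmlinuz root=/dev/sda1 ro' '}' > "$demo/open.cfg"
printf '%s\n' 'set superusers="admin"' \
    'password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER' \
    'menuentry "Linux" --unrestricted {' '  linux /vmlinuz root=/dev/sda1 ro' '}' > "$demo/locked.cfg"
for f in "$demo"/*.cfg; do echo "$f:"; check_grub_cfg "$f" || true; done
rm -rf "$demo"
```

The check covers only the GRUB 2 configuration file; firmware settings and boot from removable media are outside what it inspects.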


