(newbie) Question about core linux security
From: Sam Joharay (public_viewer_at_indiatimes.com)
Date: 02/11/04
- Next message: Bit Twister: "Re: (newbie) Question about core linux security"
- Previous message: Synchrodude: "Re: Linux has a long way to go before it becomes the major OS"
- Next in thread: Bit Twister: "Re: (newbie) Question about core linux security"
- Reply: Bit Twister: "Re: (newbie) Question about core linux security"
- Reply: NeoSadist: "Re: (newbie) Question about core linux security"
- Reply: Christopher Browne: "Re: (newbie) Question about core linux security"
- Reply: Johan Lindquist: "Re: (newbie) Question about core linux security"
- Reply: Jim Richardson: "Re: (newbie) Question about core linux security"
- Reply: Lew Pitcher: "Re: (newbie) Question about core linux security"
- Reply: Travis Casey: "Re: (newbie) Question about core linux security"
- Reply: Keith Keller: "Re: (newbie) Question about core linux security"
- Reply: Jacob Westenbach: "Re: (newbie) Question about core linux security"
- Reply: Jim Chisholm: "Re: (newbie) Question about core linux security"
- Reply: John Thompson: "Re: (newbie) Question about core linux security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 10 Feb 2004 20:54:19 -0800
Hi,
A friend of mine pointed this out to me
(which I believe must be common knowledge
though I'm kinda surprised by it):
Claim: If you have physical access to a linux
machine, you can gain root access. Furthermore
you can create a user with any name which will
have root access (thus leave a backdoor entry
for remote root access).
How to: Reboot the PC. Hit Ctrl-X when the login
screen appears. You will get a command prompt
that says "boot:"
Type "linux 1"
Once thus logged in, you have permissions to edit
all files. Edit /etc/passwd and add line:
myuser::0:0:root:/root:/bin/bash
Save file and exit (logout/reboot).
Now you have created a user with user name myuser
which has root privileges (try it).
==============================================
I want to know whether:
a. this is a well known security flaw
b. if there is someway to prevent this.
c. is there anything that distinguishes a user thus
created from the root user (in terms of privileges)
=============================================
If the claim is true (I have tried it on the redhat
linux installation that I have) then IMHO, it means
that a linux machine is only as secure as the lock
that guards it.
Please comment,
[Sam Jo]
- Next message: Bit Twister: "Re: (newbie) Question about core linux security"
- Previous message: Synchrodude: "Re: Linux has a long way to go before it becomes the major OS"
- Next in thread: Bit Twister: "Re: (newbie) Question about core linux security"
- Reply: Bit Twister: "Re: (newbie) Question about core linux security"
- Reply: NeoSadist: "Re: (newbie) Question about core linux security"
- Reply: Christopher Browne: "Re: (newbie) Question about core linux security"
- Reply: Johan Lindquist: "Re: (newbie) Question about core linux security"
- Reply: Jim Richardson: "Re: (newbie) Question about core linux security"
- Reply: Lew Pitcher: "Re: (newbie) Question about core linux security"
- Reply: Travis Casey: "Re: (newbie) Question about core linux security"
- Reply: Keith Keller: "Re: (newbie) Question about core linux security"
- Reply: Jacob Westenbach: "Re: (newbie) Question about core linux security"
- Reply: Jim Chisholm: "Re: (newbie) Question about core linux security"
- Reply: John Thompson: "Re: (newbie) Question about core linux security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
