Date: Fri, 15 Jul 2005 07:04:02 -0400
From: "Lauro, John" <jlauro@...lint.edu>
To: "Sumy" <sanandres@...il.com>,
	"SBUGTRAQ" <bugtraq@...urityfocus.com>
Cc: FULLDISC <full-disclosure@...ts.grok.org.uk>
Subject: RE: Rooting Linux with a floppy


 6.2?  What is that???  Latest kernel is 2.6...

This is true of the default install of almost every Unix-like OS
including Solaris, and every Windows OS including Windows 2003
(although the files you have to alter are different in Windows).  (Of
course with Windows you generally need at least a boot CD to get
enough tools to do anything useful.)


Note, this is the standard *default* setup...  With Linux (and
others), you can use an encrypted filesystem if you are paranoid at
the cost of a performance hit and the ability to do full autostart
without leaving the key in the machine...  I'm not even sure if there
is a distribution that ships with it as an option for a standard
install, as it's generally better to keep the servers physically
secure than the PITA it causes from the performance hit and most of
the time it is good to leave an emergency back-door for the admin who
replaces you.  Even with an encrypted filesystem, all it takes is lots
of compute power to break the key, and/or the password for the key.
So with physical access to the server, you could still clone (or
steal) the hard drive, and break it off-site.


> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk 
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Sumy
> Sent: Thursday, July 14, 2005 8:24 PM
> To: SBUGTRAQ
> Cc: FULLDISC
> Subject: [Full-disclosure] Rooting Linux with a floppy
> 
> You have lost your root password on your linux box and now 
> you consider formatting everything to regain control? Your 
> admin is a moron that leaves the server available physically 
> for everybody? You wanna test your Linux box? Don't worry if 
> you have at least a floppy rescue disk under hand, you can 
> root it ;-) )
> 
> The problem with the new version of Linux since 6.2 is :
> http://www.exploitx.com/69/rooting-linux-with-a-floppy/
> --
> Security Portal:
> http://www.exploitx.com
>  Forum: http://www.exploitx.com/forum/
> 
> Other sites:
> http://www.nutritionguides.net
> http://www.mesothelioma911.net
> http://www.Garticles.net
> http://www.WebhostingReview.biz
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 