lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <4C49470270F5AD43A0BDEA0F130C850B011CAE77@its-emb1.umflint.edu> Date: Fri Jul 15 12:17:23 2005 From: jlauro at umflint.edu (Lauro, John) Subject: Rooting Linux with a floppy 6.2? What is that??? Latest kernel is 2.6... This is true of the default install of almost every Unix-like OS including Solaris and, and ever Windows OS including Windows 2003 (although the files you have to alter are different in Windows). (Of course with windows you generally need at least a boot CD to get enough tools to do anything useful). Note, this is the standard *default* setup... With Linux (and others), you can use an encrypted filesystem if you are paranoid at the cost of a performance hit and the ability to do full autostart without leaving the key in the machine... I'm not even sure if there is a distribution that ships with it as an option for a standard install, as it's generally better to keep the servers phyisically secure then the PITA it causes from the performance hit and most of the time it is good to leave an emergency back-door for the admin who replaces you. Even with an encypted filesystem, all it takes is lots of compute power to break with key, and/or the password for the key. So with physical access to the server, you could still clone (or steal) the hard drive, and break it off-site. > -----Original Message----- > From: full-disclosure-bounces@...ts.grok.org.uk > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Sumy > Sent: Thursday, July 14, 2005 8:24 PM > To: SBUGTRAQ > Cc: FULLDISC > Subject: [Full-disclosure] Rooting Linux with a floppy > > You have lost your root password on your linux box and now > you consider formatting everythign to regain control? Your > admin is a moron that leaves the server available physically > for everybody? You wanna test your Linux box? Don't worry if > you have at least a floppy rescue disk under hand,you can > root it ;-) ) > > The problem with the new version of Linux since 6.2 is : > http://www.exploitx.com/69/rooting-linux-with-a-floppy/ > -- > Security Portal: > http://www.exploitx.com > Forum: http://www.exploitx.com/forum/ > > Other sites: > http://www.nutritionguides.net > http://www.mesothelioma911.net > http://www.Garticles.net > http://www.WebhostingReview.biz > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
Powered by blists - more mailing lists