| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200603311720.k2VHK6jW008106@turing-police.cc.vt.edu> Date: Fri Mar 31 18:20:14 2006 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: Root password change On Fri, 31 Mar 2006 09:21:13 EST, Michael Holstein said: > > Trivial to defeat. Just boot in to single user mode with these kernel > > options: > > single init=/bin/bash > > Again .. only due to initial misconfiguration. > > Nobody should allow alternate switches to be passed to the kernel at > boot .. either by password-protecting the bootloader, or via firmware > (as with OpenBoot). Of course, if you're that paranoid, you *did* configure whatever the machine uses for a BIOS to only boot off the intended hard drive, right? ;) (It's amazing how many boxes I've found that forget that step, so a CD and enough time to hit the RESET button are enough to get you in. And if you have any smarts at all, you don't even need to hang around at the console after you hit reset. It's not that hard to get a Knoppix to start an sshd. :) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 228 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060331/e5a4b764/attachment.bin
Powered by blists - more mailing lists