Mailinglist Archive: opensuse (1165 mails)

Re: [opensuse] Re: Should openSUSE review it's Security Policies?
Lars Müller wrote:
On Fri, Mar 02, 2012 at 07:47:50AM -0500, James Knott wrote:
Roger Oberholtzer wrote:
With Linux, give anyone a grub menu and nothing else, and it's trivial to
get to a root prompt and change the root password.
In a corporate world, the trick then would be to set the root password
back after this so the IT police don't know you did it...
The trick to resetting the password is knowing what it was
originally. It's easy enough to change the password to something
new, but restoring the original?
a) boot with init=/bin/bash
b) mv /etc/shadow /etc/shadow.orig && cp -a /etc/shadow.orig /etc/shadow
c) passwd

As soon as you have finished your work, you move /etc/shadow.orig back. The
majority will not notice this, as they have not protected the boot
loader.

As soon as the boot loader is password protected it gets only a bit
more tricky. Remove the hard disk and manipulate everything from inside a
different host. In this case you'll very likely not be able to boot
from external media.

Well, you can protect more and more, and in the end all these evil red
hairy monsters will find a way. ;)

The only items very well protected against use are printers. ;)

Lars

And why should people have to do this to work around an incredibly STOOPID decision?

