Hi list!

Recently I saw that if you boot a kernel with a boot option like 'init=/bin/bash' (for example: linux init=/bin/bash) you become root without authentication. Can anybody tell me why it works and how I protect?

Thanx!
Thomas
--
Have A Nice Day
Thomas Futschek wrote:
> Recently I saw that if you boot a kernel with a boot option like 'init=/bin/bash' (for example: linux init=/bin/bash) you become root without authentication.
> Can anybody tell me why it works and how I protect?
init=/bin/bash uses a shell instead of the normal init process. This is comparable to booting a rescue system, only that you use your own installed system instead of a floppy/CD-ROM/DVD.

Protect by using the password= and restricted lilo.conf options and using 600 permission for the lilo.conf file.

Further protection against using rescue systems: change your BIOS boot sequence to boot only from hard disk and use a BIOS password (this is only a simple protection, people with physical access to the system can do anything from resetting the BIOS to taking out the hard disk - only a crypted file system will help there).

Kevin
--
Kevin Ivory, Service Network GmbH
Bahnhofsallee 1b, 37081 Goettingen
Tel: +49-551-37000041, Fax: +49-551-3700009
mailto:Ivory@SerNet.de, http://www.SerNet.de/
On Wednesday 24 April 2002 11:28, Thomas Futschek wrote:
> Hi list!
> Recently I saw that if you boot a kernel with a boot option like 'init=/bin/bash' (for example: linux init=/bin/bash) you become root without authentication.
> Can anybody tell me why it works and how I protect?
You tell the kernel to execute /bin/bash as the first program after boot. You could protect from this by adding "password=xxx" to your /etc/lilo.conf. (Only useful if normal users cannot read this file.) If you want the password only to be required when entering parameters on the lilo commandline, add an extra "restricted". See man lilo.conf.

Andreas
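The settings named in the two replies above (password=, restricted, and mode 600 on lilo.conf) can be checked with a small script. This is an added example, not part of the original thread; the function name audit_lilo_conf, the sample file contents and the CHANGEME password are constructed for illustration, and it assumes the options appear as uncommented lines anywhere in the file.

```shell
#!/bin/sh
# Added example: audit a lilo.conf for the boot-prompt protections named in
# the thread. It reads the file only, not the boot map that lilo installed.

audit_lilo_conf() {
    conf=$1
    verdict=ok

    if ! grep -Eq '^[[:space:]]*password[[:space:]]*=' "$conf"; then
        # No password line: anyone at the prompt can append init=/bin/bash.
        echo "FAIL no-password: boot parameters can be typed by anyone"
        verdict=fail
    else
        if grep -Eq '^[[:space:]]*restricted[[:space:]]*(#.*)?$' "$conf"; then
            echo "INFO restricted: password asked only when parameters are typed"
        else
            echo "INFO every-boot: password asked on every boot"
        fi
        # The password sits in the file as written, so group and other
        # must have no access at all (mode 600).
        perms=$(ls -ld "$conf" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "FAIL readable: group/other bits are '$perms', use chmod 600"
            verdict=fail
        fi
    fi
    echo "RESULT $verdict"
}

# Constructed sample files (not from the thread); CHANGEME is a placeholder.
demo() {
    dir=$(mktemp -d)
    printf 'boot=/dev/hda\nprompt\nimage=/boot/vmlinuz\n  label=linux\n' \
        > "$dir/open.conf"
    printf 'boot=/dev/hda\nprompt\npassword=CHANGEME\nrestricted\nimage=/boot/vmlinuz\n  label=linux\n' \
        > "$dir/hardened.conf"
    chmod 644 "$dir/open.conf"
    chmod 600 "$dir/hardened.conf"
    for name in open hardened; do
        echo "== $name.conf"
        audit_lilo_conf "$dir/$name.conf"
    done
    rm -rf "$dir"
}
demo
```

A lilo.conf whose password line has been removed or commented out is reported as no-password, because the script sees only the file and not what lilo wrote at install time.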
On Wed, Apr 24, 2002 at 11:47:59AM +0200, Andreas Baetz wrote:
> On Wednesday 24 April 2002 11:28, Thomas Futschek wrote:
>> Hi list!
>> Recently I saw that if you boot a kernel with a boot option like 'init=/bin/bash' (for example: linux init=/bin/bash) you become root without authentication.
>> Can anybody tell me why it works and how I protect?
> You tell the kernel to execute /bin/bash as the first program after boot. You could protect from this by adding "password=xxx" to your /etc/lilo.conf. (Only useful if normal users cannot read this file)
Put in the password, run lilo, take out the password.

Theo
--
Theo v. Werkhoven ICBM 52 8 24N , 4 32 40E.
S.u.S.E 7.3 x86 Kernel 2.4.16-4GB
Hi,

Since SuSE 8.0 is coming out, I am toying with the idea of upgrading my firewall/router box. It is currently running 7.0 with kernel 2.2.19 and ipchains. Is the upgrade to the better iptables worth also porting over to the less mature 2.4.x kernel? At this point in those two kernel developments, is there still a security/maturity difference?

And if I upgrade to 8.0 will I be able to still install it on an x486 with 64MB RAM, box using the minimal install option? I read that the default install GUI will not run on an old x486, but was not sure about the minimal install option. Also, if upgrading to SuSE 8.0, which kernel does it install by default?

Thank you,
jeric
On Wednesday, 24 April 2002 21:09, Theo v. Werkhoven wrote:
> ICBM 52 8 24N , 4 32 40E.
The elevation of your ICBM coordinates is missing. This value is essential to achieve a maximum 5 psi radius (area around the blast that includes peak overpressure >= 5 psi, pounds per square inch) on the surface.

Robert
On Thu, Apr 25, 2002 at 01:52:20AM +0200, Robert Klein wrote:
> On Wednesday, 24 April 2002 21:09, Theo v. Werkhoven wrote:
>> ICBM 52 8 24N , 4 32 40E.
> The elevation of your ICBM coordinates is missing. This value is essential to achieve a maximum 5 psi radius (area around the blast that includes peak overpressure >= 5 psi, pounds per square inch) on the surface.
Uhu. And how much do you think one's elevation can vary over here? I'll give you a clue: the lowest area is about 11m bsl, while the highest top is about 100m asl. That's not gonna make an "impressive" difference in pressure. One of them babies should be just about enough for the entire country.

Theo
--
Theo v. Werkhoven ICBM 52 8 24N , 4 32 40E.
S.u.S.E 7.3 x86 Kernel 2.4.16-4GB
Thomas Futschek wrote:
> Hi list!
> Recently I saw that if you boot a kernel with a boot option like 'init=/bin/bash' (for example: linux init=/bin/bash) you become root without authentication.
You should maybe read the documentation of your boot loader (lilo, grub?). Quickly you will find out that there are of course ways to restrict the possibilities to boot Linux like this. But as far as security is concerned this can only be one step in securing your machine (if this is what you want) since most PCs still have floppy drives and creating a Linux boot floppy is not really difficult. So you have to disable access to your floppy drive in the BIOS, at least protect access to the BIOS with a password or even better remove the floppy drive altogether. And depending on your wanted level of security you might have to bury your machine in a deep dungeon where no one will ever be able to access it anymore - be it physically or over a network link ;-)

Anyway, man lilo and man lilo.conf would be sufficient to solve your problem I guess.
> Can anybody tell me why it works and how I protect?
It works because someone wanted that feature, and it can be helpful for all kinds of things from filesystem recovery to detection of hardware problems.
> Thanx! Thomas
HTH, Erwin
On Wednesday 24 April 2002 05:28 am, Thomas Futschek wrote:
> Recently I saw that if you boot a kernel with a boot option like 'init=/bin/bash' (for example: linux init=/bin/bash) you become root without authentication.
> Can anybody tell me why it works and how I protect?
Others have quite adequately explained the LILO aspects of this, but I would add one comment: Physical security is an important aspect of any system, and you need to protect access to the physical console. Even a BIOS password can be circumvented, by using the jumper on (many) motherboards that allows the BIOS to be totally flushed and reset through temporarily removing its battery power.

If your system is important, the physical console needs to be under lock and key. That's true of all systems, not just Linux.

Scott
--
Scott Courtney, courtney@4th.com, http://www.4th.com/
"I don't mind Microsoft making money. I mind them having a bad operating system." -- Linus Torvalds ("The Rebel Code," NY Times, 21 February 1999)
participants (8)
- Andreas Baetz
- Erwin Zierler - stubainet.at
- jeric
- Kevin Ivory
- Robert Klein
- Scott Courtney
- Theo v. Werkhoven
- Thomas Futschek