lilo passwd, boot single [was Is Red hat truly flawed?]

Scott, Simon Simon.Scott at SEALCORP.com.au
Tue May 2 15:10:05 WST 2000


How about 'lock the door'... :)

Reminds me of a time in my first job, I had been there 2 months and noticed
that the computer room (billions of $$$s in production data) door was left
unlocked (btw, it was right next to reception, and the receptionist spent
time away from her desk), and the production machine (an Alpha running VMS)
was left logged in as 'manager'... I danced, jumped up and down and screamed
about the situation, but no one listened.

A year later, a long-term employee was leaving and said to the MD 'BTW, if
you leave that door open and that machine logged in, someone like me could
end your business in about 20 seconds flat'....voilà! instant security.

 "With all the security bugs in JavaScript and all the pages that use
  it, a lot of sites are best viewed with telnet www.something.com 80"
                                                       -- Darren Embry
> ------------------------------------------------------
>  Simon Scott
>  DBA
>  Sealcorp Holdings Limited
>  Perth, WA
>  e-mail:  simon.scott at sealcorp.com.au
>  phone:  08 9265 5648
> ------------------------------------------------------
> 
> 


> -----Original Message-----
> From: Matt Kemner [mailto:zombie at wasp.net.au]
> Sent: Tuesday, 2 May 2000 2:57
> To: plug at plug.linux.org.au
> Subject: Re: lilo passwd, boot single [was Is Red hat truly flawed?]
> 
> 
> On Tue, 2 May 2000, Bevan Broun wrote:
> 
> > I looked at this soln but don't like the way this was being
> > handled (passwd in plain text). I think the correct soln is to add
> > lS:S:wait:/sbin/sulogin to /etc/inittab
> 
> No, because you can still bypass that with init=/bin/bash
> 
> Also, you can bypass lilo altogether by booting from floppy.
> 
> I think this is what Christian was referring to when he said 
> console access is hard to defend against.
> Every time you patch up one hole, there is another one to worry about.
> 
>  - Matt
> 
> 
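
An added example, not part of the thread and not written by any of its participants: a shell audit of the two settings the quoted message discusses, the LILO boot password (including the plain-text exposure Bevan mentions) and the sulogin entry in /etc/inittab. The function names and finding labels are made up here; `password=` and `restricted` are standard lilo.conf keywords.

```shell
#!/bin/sh
# Added example: audit copies of lilo.conf and inittab for the
# console-boot settings discussed in the thread. Finding labels are
# invented for this example.

# Print one finding per line for a lilo.conf; print nothing if it passes.
lilo_findings() {
    conf=$1
    if ! grep -Eq '^[[:space:]]*password[[:space:]]*=' "$conf"; then
        # Without password=, boot parameters such as "single" or
        # "init=/bin/bash" are accepted at the prompt unauthenticated.
        echo "no-password"
        return 0
    fi
    # password= is stored in plain text, so only the owner may have access.
    perms=$(ls -ld "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || echo "password-readable-by-others"
    # Without "restricted" the password is demanded on every boot,
    # so an unattended reboot stops at the prompt.
    grep -Eq '^[[:space:]]*restricted([[:space:]]|$)' "$conf" ||
        echo "password-required-every-boot"
}

# Print a finding if runlevel S does not go through sulogin.
# Commented-out entries do not count.
inittab_findings() {
    grep -Eq '^[^#:]+:[^:]*S[^:]*:wait:/sbin/sulogin' "$1" ||
        echo "no-sulogin"
}

# Usage: script /etc/lilo.conf /etc/inittab
if [ $# -ge 2 ]; then
    lilo_findings "$1"
    inittab_findings "$2"
fi
```

Neither check covers booting from floppy, which Matt also raises; that is outside both files.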


