On Friday 14 March 2003 6:58 am, Han Boetes wrote:
Chmouel Boudjnah <[EMAIL PROTECTED]> wrote:I disagree, i don't think that if you go into single user mode that you should be root. You should still have to log in. The argument that someone has physical access to your computer thus making it your problem and not an exploit is IMHO fallacious. No one should be able to get root that easily.
Han Boetes <[EMAIL PROTECTED]> wrote:Ahem, you are right. :)
That's a local exploit. I can think of a few other local???? this is not a exploit if you can _boot_ in single user mode it's
``exploits'' as well, like booting in single user mode.
mean you have acess to the hardware and if you have access we cannot
do anything of security for you.
# Han
perhaps not by default, but if you type linux single init=/bin/sh
at a lilo prompt (or grub, but it would look different), you can bypass any security on the system except for encrypted filesystem security, as far as I'm aware. Besides, with all the knoppix based CD distro's out there, including one that fits on a business card CD, anyone can boot the pc with that and Knoppix will automatically mount all the recognizable partitions as it boots..
Just my 0.02
Scott
