Gentoo Forums
Grub Bootprompt: init=/bin/sh severity?
Headhunter123
Guru


Joined: 19 Oct 2002
Posts: 509

Posted: Tue Mar 21, 2006 8:36 am    Post subject: Grub Bootprompt: init=/bin/sh severity?

Hello folks,

As you might know, you can edit the Grub Bootprompt by pressing 'e'.
Replacing or adding a line like "init=/bin/sh" will start a nice little rootshell for you, once the server is started.
You can change the passwords and do everything you want. Hey, you're root!

How severe do you think this problem is? Is it a problem at all? What can you do to prevent this kind of hack?

Thanks for answers,
Bye :)
Chris W
l33t


Joined: 25 Jun 2002
Posts: 972
Location: Brisbane, Australia

Posted: Tue Mar 21, 2006 8:44 am    Post subject:

This particular exploit needs access to the machine or to the machine's console if that is a separate device. Deny that access and this is not an exploit. You cannot secure a machine that is physically insecure.
_________________
Cheers,
Chris W
"Common sense: The collection of prejudices acquired by age 18." -- Einstein
Headhunter123
Guru


Joined: 19 Oct 2002
Posts: 509

Posted: Tue Mar 21, 2006 9:28 am    Post subject:

Yeah, I know. But I bet 99% of all Linux desktop installations are unguarded, and I bet another time that 99% of all Linux users think their installation is more secure than the next-best Windows XP.
I tell you: With init=/bin/sh it ain't!

Is there any chance to disable this security hole by design?
Chris W
l33t


Joined: 25 Jun 2002
Posts: 972
Location: Brisbane, Australia

Posted: Tue Mar 21, 2006 10:03 am    Post subject:

GRUB includes an ability to set a password on the interactive features of the boot manager.

http://www.gnu.org/software/grub/manual/html_node/Security.html#Security
_________________
Cheers,
Chris W
"Common sense: The collection of prejudices acquired by age 18." -- Einstein
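
A defender-side check for the password feature mentioned in the last reply, as an added example that is not part of the original thread: it reports whether a GRUB config actually locks the interactive editor that the init=/bin/sh trick depends on. It assumes GRUB Legacy's global `password [--md5]` line in menu.lst and GRUB 2's `set superusers=` with `password` / `password_pbkdf2`; the function name `grub_lock_status`, its output labels and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reports whether a GRUB config
# password-protects the interactive editor ('e') and command line.
# Prints one of: hashed | plaintext | misconfigured | unprotected
grub_lock_status() {
    awk '
        /^[ \t]*#/ { next }                            # skip comments
        /^[ \t]*menuentry[ \t]/       { grub2 = 1 }    # GRUB 2 entry
        /^[ \t]*title[ \t]/           { entries = 1 }  # Legacy entry starts
        /^[ \t]*set[ \t]+superusers=/ { grub2 = 1; su = 1 }
        /^[ \t]*password_pbkdf2[ \t]/ { g2hash = 1 }
        /^[ \t]*password[ \t]/ {
            if ($2 != "--md5") g2plain = 1
            if (!entries) { if ($2 == "--md5") lhash = 1; else lplain = 1 }
        }
        END {
            if (grub2) {
                # GRUB 2 asks for a login only once superusers is set.
                # (Not checked: that the password belongs to a superuser.)
                if (!su)          print "unprotected"
                else if (g2plain) print "plaintext"
                else if (g2hash)  print "hashed"
                else              print "misconfigured"
            } else {
                # Legacy: only a global password line, placed before the
                # first title, locks the editor; per-entry ones do not.
                if (lplain)       print "plaintext"
                else if (lhash)   print "hashed"
                else              print "unprotected"
            }
        }' "$1"
}

# Constructed sample configs; the hash string is a placeholder.
demo=$(mktemp -d)
cat > "$demo/menu.lst" <<'EOF'
timeout 5
password --md5 $1$PLACEHOLDER$notARealHashValue000000
title Gentoo Linux
kernel /boot/vmlinuz root=/dev/sda3
EOF
cat > "$demo/grub.cfg" <<'EOF'
menuentry "Gentoo Linux" {
    linux /boot/vmlinuz root=/dev/sda3
}
EOF
echo "menu.lst: $(grub_lock_status "$demo/menu.lst")"
echo "grub.cfg: $(grub_lock_status "$demo/grub.cfg")"
rm -rf "$demo"
```

A result of `plaintext` means the password can be read by anyone who can read the config file, and `unprotected` means anyone at the console can edit the kernel line.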