"linux single" security problem

["Adam Alexander" <adam tjconline com>]

I recently sent a message to this list regarding the fact that on a default
installation of Redhat 5.2 there exists the capability to type "linux
single" at the lilo prompt and gain immediate root access to the machine
without being asked for a password.  I have received two major categories of
answers:

------------------------------------------------------
1 -- Physically secure the power and reset switch and disable
control-alt-delete

I can see how this would work but this is not an option in my situation and
also the security of an OS should not depend on the physical security of the
computer

2 -- Put a password in the lilo.conf to restrict booting or restrict
arguments to booting

Again, this would seem to work, but even if the mode on lilo.conf
was -rw------- and owned by root, I feel that this is less secure (with the
clear-text password) than the shadow passwords I am using.  (Which, on a
side note, are not enabled by default either.  That one is easy enough to
fix [pwconv] but why not enable them by default?).
------------------------------------------------------

What I want is to find a way to cause a user to be prompted for a root
password after typing "linux single."  I do NOT want to restrict the use of
linux single or restrict rebooting the machine.  I want to secure my
operating system.  =)  Any help on this issue would be greatly appreciated,
and Redhat, if you are listening:

-Shadow passwords are cool and IMO should be enabled by default

-Unrestricted console root access is VERY uncool

Thanks for your time  =)

Adam Alexander