Re: "linux single" security problem

["Adam Alexander" <adam tjconline com>]

Looks like a password-protected lilo is the way to go then.  Thanks for your
help, Steve, and I also really liked Mark Neidorff's idea about removing the
password from lilo.conf after running /sbin/lilo to update the MBR.  I tried
that and it works perfectly.  And thanks to everyone else who offered
suggestions that I haven't mentioned here..  Happy Holidays. =)

Adam Alexander

-----Original Message-----
From: Steve Borho <sborho ststech com>
To: redhat-list redhat com <redhat-list redhat com>
Date: Thursday, December 31, 1998 11:47 AM
Subject: Re: "linux single" security problem


>I apologize if I was terse, but security without physical security is a
>myth.  BTW, "linux single" isn't the only thing you have to worry about.
>A user could also type "linux init=/bin/sh" and get a root prompt as well.
>
>chmod 600 /etc/lilo.conf is just as secure as shadow passwords.  If you're
>concerned about users snooping in the files in /etc, chmod o-r /etc
>and rename lilo.conf to lilo.moved.conf.
>
>There is no simple answer to your question, if there was it would have
>been implemented by default, me thinks.
>
>--
>Steve Borho <sborho ststech com>