Security Portal: Why sulogin is Useless on Its Own
Sep 06, 2000, 15:13
(Other stories by Kurt Seifried)
"...setting up sulogin for single user mode would appear to make the system more secure, right? Wrong. The only thing sulogin accomplishes is that it requires you to enter the root password to log in when the system boots to single user mode. This doesn't really afford any extra protection, since with a root password you can do anything on the system - modify lilo.conf or inittab, and remove sulogin. If you do not have the root password, then you cannot modify or read lilo.conf (unless of course the admin really messed up)."
"Sulogin is a useful security measure, but is absolutely useless if not used in conjunction with other security measures. It's like putting an expensive deadbolt lock on your screen door. Used properly, with a secure LILO configuration, sulogin is very effective for preventing local users from getting access to a root prompt easily. Of course, even with a secure LILO configuration, sulogin, and every security patch, it is still possible for a local user to get a root prompt simply by booting the machine from a Linux rescue floppy disk (or other removable media such as CD-ROM)."
"To fix this you must of course put a password on the BIOS, and lock the boot order to C: first. Some BIOSes even let you set a separate password for booting off removable media. If this doesn't convince you that computer security needs to be treated as a complex system and not a series of seemingly unconnected problems, then I don't know what will. Oh wait, actually I do: Bruce Schneier's new book, Secrets and Lies."
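The layered dependency the excerpt describes can be checked in one pass. The following is an added example, not code from the article or from Security Portal: a small audit that reports when sulogin, the LILO password, or the lilo.conf permissions are missing. The function names, the sample file contents and the rule that a "secure LILO configuration" means a global `password=` option in a root-only file are assumptions; BIOS settings cannot be read this way and are out of scope.

```python
import stat

# Constructed sample inputs for illustration (not taken from the article).
SAMPLE_INITTAB = "id:3:initdefault:\n~~:S:wait:/sbin/sulogin\n"
SAMPLE_LILO = """\
boot=/dev/hda
prompt
password=PLACEHOLDER-not-a-real-password
image=/boot/vmlinuz
    label=linux
"""

def _active(text):
    """Yield non-empty lines with '#' comments stripped."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def audit(inittab, lilo, lilo_mode):
    """Return a list of findings; an empty list means the layers line up."""
    findings = []
    # inittab entries have the form id:runlevels:action:process
    entries = [l.split(":", 3) for l in _active(inittab)]
    if not any(len(e) == 4 and "S" in e[1].upper() and "sulogin" in e[3]
               for e in entries):
        findings.append("inittab: single-user mode does not run sulogin")
    # Global LILO options are the lines before the first image=/other= section.
    global_keys = set()
    for line in _active(lilo):
        key = line.split("=", 1)[0].strip().lower()
        if key in ("image", "other"):
            break
        global_keys.add(key)
    if "password" not in global_keys:
        findings.append("lilo.conf: no global password= option")
    # The LILO password is stored in clear text, so only root may read the file.
    if lilo_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("lilo.conf: readable or writable by non-root users")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INITTAB, SAMPLE_LILO, 0o644) or ["no findings"]:
        print(finding)
```

On a real system, pass the contents of `/etc/inittab` and `/etc/lilo.conf` and the mode from `os.stat("/etc/lilo.conf").st_mode`.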