dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


LinuxPPC Security Update: single user mode

Oct 02, 2000, 21:11 (5 Talkback[s])

All computers with existing versions of LinuxPPC installed are accessible as root by anyone if they are able to boot the machine in single user mode. Fortunately, The solution is very simple. You can disable the automatic login as root when the machine is booted into single user mode. The method for doing this is described below.

This update is retroactive -- that is, it covers every previous version of LinuxPPC. All previus releases (including Release 4 and 4.1) have this vulnerability.

To disable automatic login as root when the machine is booted into single user mode, you need to add two lines to the file /etc/inittab. Add these lines to the very end of the file:

# What to do in single-user mode.
~:S:wait:/sbin/sulogin

After doing this, you must reboot the computer for the changes to take effect.

An explanation of what this does.

The first line is a comment. Commented lines always begin with the pound (#) sign. They're ignored by the computer. The next line tells the computer to run /sbin/sulogin, which asks for the password for root, when someone trys to boot in single user mode,

If your system is set up so that it doesn't ask you for the root password at all, it will do so after you add this line to /etc/inittab and reboot. The /etc/inittab file is read before any logins are allowed, which makes this action immediately effective upon reboot.

This security feature will be built in to the next version of LinuxPPC.