Security Portal: Why sulogin is Useless on Its Own

“…setting up sulogin for single user mode would appear to make
the system more secure, right? Wrong. The only thing sulogin
accomplishes is that it requires you to enter the root password to
log in when the system boots to single user mode. This doesn’t
really afford any extra protection, since with a root password you
can do anything on the system – modify lilo.conf or inittab, and
remove sulogin. If you do not have the root password, then you
cannot modify or read lilo.conf (unless of course the admin really
messed up).”

“Sulogin is a useful security measure, but is absolutely useless
if not used in conjunction with other security measures. It’s like
putting an expensive deadbolt lock on your screen door. Used
properly, with a secure LILO configuration, sulogin is very
effective for preventing local users from getting access to a root
prompt easily. Of course, even with a secure LILO configuration,
sulogin, and every security patch, it is still possible for a
local user to get a root prompt simply by booting the machine from
a Linux rescue floppy disk (or other removable media such as
CD-ROM).”

“To fix this you must of course put a password on the BIOS,
and lock the boot order to C: first. Some BIOSes even let you
set a separate password for booting off removable media. If this
doesn’t convince you that computer security needs to be treated as
a complex system and not a series of seemingly unconnected
problems, then I don’t know what will. Oh wait, actually I do:
Bruce Schneier’s new book, Secrets and Lies.”
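
The layering described in the excerpt can be checked on a host. The script below is an added example, not code from the quoted article: it reports which of the sulogin, LILO password and lilo.conf permission layers are missing. The function names, the sample files and the reading of "secure LILO configuration" as an uncommented `password=` line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the article: audit copies of inittab and lilo.conf.

# inittab fields are id:runlevels:action:process. Succeeds only when an
# uncommented entry for runlevel S runs sulogin.
has_sulogin() {
    grep -Eq '^[^#:]*:[^:]*S[^:]*:[^:]*:.*sulogin' "$1"
}

# Assumption: a "secure" lilo.conf carries an uncommented password= line.
has_lilo_password() {
    grep -Eq '^[[:space:]]*password[[:space:]]*=' "$1"
}

# lilo.conf holds that password, so group and other must have no access.
# Only the mode bits are checked here, not the file's owner.
is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Usage: audit_boot INITTAB LILO_CONF
# Prints one line per missing layer and returns the number of findings.
audit_boot() {
    findings=0
    has_sulogin "$1" || { echo "inittab: runlevel S does not run sulogin"; findings=$((findings + 1)); }
    has_lilo_password "$2" || { echo "lilo.conf: no password= set"; findings=$((findings + 1)); }
    is_private "$2" || { echo "lilo.conf: group/other have access"; findings=$((findings + 1)); }
    return "$findings"
}

# Constructed sample files (not taken from a real system).
make_samples() {
    printf '%s\n' 'id:3:initdefault:' '#~~:S:wait:/sbin/sulogin' > "$1/inittab.weak"
    printf '%s\n' 'id:3:initdefault:' '~~:S:wait:/sbin/sulogin' > "$1/inittab.ok"
    printf '%s\n' 'boot=/dev/hda' 'image=/boot/vmlinuz' ' label=linux' > "$1/lilo.weak"
    printf '%s\n' 'boot=/dev/hda' 'password=CONSTRUCTED' 'restricted' \
        'image=/boot/vmlinuz' ' label=linux' > "$1/lilo.ok"
    chmod 644 "$1/lilo.weak"
    chmod 600 "$1/lilo.ok"
}

demo=$(mktemp -d)
make_samples "$demo"
audit_boot "$demo/inittab.ok" "$demo/lilo.weak" || echo "findings: $?"
audit_boot "$demo/inittab.ok" "$demo/lilo.ok" && echo "inittab and lilo.conf layers in place"
rm -rf "$demo"
```

The BIOS password and boot order named in the excerpt are not checked by this script and have to be verified at the machine.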

