** Reply to message from Mark Weaver <[EMAIL PROTECTED]> on Sun, 18 Feb 2001
22:14:34 -0500
> Bill,
>
> I would have to agree. I can't believe it would be THAT easy to get into
> even one's own machine so easily when the root user's password has been
> forgotten. Seems to me that's an incredibly HUGE security hole, and find
> the possibility very unlikely. At least I would hope that it is.
> --
> Mark
Mark,
Why do you believe this to be such a security hole? I don't believe it is a
security hole for several reasons. Primarily, there is no way for a remote user
to accomplish gaining access to the machine with this method. This method by
definition requires console access to the machine in order to pass lilo (or
another boot loader) the appropriate parameter in order to boot to single user
mode.
Secondly, by properly securing the machine physically you reduce the chance of
any unauthorized person accessing the machine. If any nonauthorized person can
physically access the machine, they could simply power off the machine and
either insert a floppy disk to boot from or perform the process in question.
This is why all data centers are (mostly) secure environments that are typically
well guarded either electronically (pass keys) or by security personel, or both.
Finally, this is no less secure than any other environment that I am familiar
with. I regularly work with Windows NT/2000 and Solaris as well as Linux and in
no case is a lost Administrator/root password a major issue to resolve.
Microsoft does make it a bit more difficult, however one can still gain access
to the machine in a variety of ways. Boot disks with FAT and/or NTFS support,
utilities such a LoPHT or the magic wand application, reinstallation of the
operating system in a new directory, etc. all make access to an NT based system
to which one does not have admin authority acedemic. The "single user" method
works just as well with Solaris.
John LeMay Jr.
Senior Enterprise Consultant
NJMC, LLC.
[tag] I love deadlines. I like the whooshing sound they make as they fly by. -
Douglas Adams
