Anyways .. you can secure lilo by adding the following to lilo.conf
restricted
password=xxxxxxxx
Of course, you should run lilo afterwards on the command line and change
lilo.conf to read/write only for root.
Aj
Two Pence worth :)
On Monday 19 February 2001 5:09 am, you wrote:
> ** Reply to message from Mark Weaver <[EMAIL PROTECTED]> on Sun, 18 Feb 2001
> 22:14:34 -0500
>
> > Bill,
> >
> > I would have to agree. I can't believe it would be THAT easy to get into
> > even one's own machine so easily when the root user's password has been
> > forgotten. Seems to me that's an incredibly HUGE security hole, and find
> > the possibility very unlikely. At least I would hope that it is.
> > --
> > Mark
>
> Mark,
>
> Why do you believe this to be such a security hole? I don't believe it is a
> security hole for several reasons. Primarily, there is no way for a remote
> user to accomplish gaining access to the machine with this method. This
> method by definition requires console access to the machine in order to
> pass lilo (or another boot loader) the appropriate parameter in order to
> boot to single user mode.
>
> Secondly, by properly securing the machine physically you reduce the chance
> of any unauthorized person accessing the machine. If any nonauthorized
> person can physically access the machine, they could simply power off the
> machine and either insert a floppy disk to boot from or perform the process
> in question. This is why all data centers are (mostly) secure environments
> that are typically well guarded either electronically (pass keys) or by
> security personnel, or both.
>
> Finally, this is no less secure than any other environment that I am
> familiar with. I regularly work with Windows NT/2000 and Solaris as well as
> Linux and in no case is a lost Administrator/root password a major issue to
> resolve. Microsoft does make it a bit more difficult, however one can still
> gain access to the machine in a variety of ways. Boot disks with FAT and/or
> NTFS support, utilities such as LoPHT or the magic wand application,
> reinstallation of the operating system in a new directory, etc. all make
> access to an NT based system to which one does not have admin authority
> academic. The "single user" method works just as well with Solaris.
>
> John LeMay Jr.
> Senior Enterprise Consultant
> NJMC, LLC.
>
>
> [tag] I love deadlines. I like the whooshing sound they make as they fly
> by. - Douglas Adams
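
The lilo.conf hardening suggested at the top of this message, as an added check script that is not part of the original thread: it reports a missing password= or restricted line and a lilo.conf that is accessible to group or other. The function name check_lilo_conf, its optional expected-owner argument and the sample config are assumptions made for illustration; stat -c is the GNU coreutils form.

```shell
#!/bin/sh
# Added example (not from the thread): audit a lilo.conf for the settings
# suggested above. check_lilo_conf is a hypothetical helper name.
# Usage: check_lilo_conf FILE [EXPECTED_OWNER_UID]   (owner defaults to 0)
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if unreadable.
check_lilo_conf() {
    conf=$1
    want_uid=${2:-0}
    rc=0
    if [ ! -r "$conf" ]; then
        echo "UNREADABLE: $conf"
        return 2
    fi
    # Drop comments and surrounding whitespace so "# restricted" does not count.
    body=$(sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$conf")
    # Matches anywhere in the file; global vs. per-image placement is not checked.
    if ! printf '%s\n' "$body" | grep -Eq '^password[[:space:]]*=[[:space:]]*[^[:space:]]'; then
        echo "MISSING: password="
        rc=1
    fi
    if ! printf '%s\n' "$body" | grep -Eq '^restricted$'; then
        echo "MISSING: restricted"
        rc=1
    fi
    # The password sits in lilo.conf in clear text, so group/other need no access.
    mode=$(stat -c '%a' "$conf")    # GNU coreutils stat
    case $mode in
        *00) ;;
        *) echo "PERMS: mode $mode, expected 600"; rc=1 ;;
    esac
    owner=$(stat -c '%u' "$conf")
    if [ "$owner" != "$want_uid" ]; then
        echo "OWNER: uid $owner, expected $want_uid"
        rc=1
    fi
    return $rc
}

# Demo on a constructed config (not taken from the thread).
demo=$(mktemp)
printf 'boot=/dev/hda\nprompt\nimage=/boot/vmlinuz\n  label=linux\n' > "$demo"
chmod 644 "$demo"
check_lilo_conf "$demo" "$(id -u)" || echo "-> fix lilo.conf, then re-run lilo"
rm -f "$demo"
```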