At 5/11/01 07:47 PM , Linda MacPhee-Cobb wrote:
>But again, if it is a 'recovery thing' where is the documentation? Why
wasn't >it clearly in the manual?
I can't recall how many manuals I've seen that mention "linux single".
Heck, I just advised a friend to boot in single-user mode a couple
At 5/11/01 08:14 PM , Mandi wrote:
>Not to mention that you can get the administrator password on a win2k or
>nt box in a matter of hours (in many cases) with L0phtcrack anyway, so why
>would you need to reboot? :)
Serious answer: Because you changed an IP address, or nearly any other
network
Linda MacPhee-Cobb wrote:
>
> But again, if it is a 'recovery thing' where is the documentation? Why
> wasn't it clearly in the manual?
I don't know. I didn't write the Mandrake manual.
Excuse me, I'll just stuff it into the techtalk FAQ - the only Linux
manual I *DO* have control over...
"init 1" isn't meant to be "a hidden way in". If you're logged in
remotely, it's not a way in at all, because running it will shutdown all
networking on the host and kick your butt out.
Not to mention that you have to be a superuser to run init anyway.
Init exists in all System V based unices
This won't be in the LILO docs because it is really an init option. Our
book is an LPIC 1 (Linux Professional Institute Certification Level 1) study
guide for Hungry Minds/IDG. It should be in stores in June. For more info
on the cert check out www.lpi.org.
Jason
-Original Message-
Fr
Daniel Manrique wrote:
>> If there is one undocumented back door there are many.
>> Who are these back doors built in for? Clearly not the users or there would
>> be documentation.
>
>
> They are perfectly documented.
I wouldn't say 'perfectly' documented - there's nothing there to
tell a
This is extremely well documented. I know it's in the Linux book we wrote.
:) Again, if you want to remove it just edit the inittab. I'm not sure
where you looked for this info, but any Linux recovery information will talk
about the single and emergency runlevel options. I know other UNIX syst
But again, if it is a 'recovery thing' where is the documentation? Why
wasn't it clearly in the manual?
Why bother having passwords if anybody can get around them? Don't you think
that by putting encrypted passwords on a computer one would be led to
believe that a password was needed to gai
Linda MacPhee-Cobb wrote:
> Hi All,
>
> I have been painstakingly going through the lilo documentation. I have
> not found in the documentation, on my computer or at sunsite, a single
> reference to this back door into my computer. It is not even documented
> in the source code.
What keywo
> I have been painstakingly going through the lilo documentation. I have not
> found in the documentation, on my computer or at sunsite, a single reference
> to this back door into my computer. It is not even documented in the source
> code.
then how is it that nearly everybody else knew ab
This isn't a LILO thing. This is an "init" thing. When you type "linux 1"
or "linux s" at the LILO prompt it is passing the 1 or s parameter to the
kernel, which hands it to the init process. The init process then finds
this runlevel in the /etc/inittab and executes the processes. This is how
Hi All,
I have been painstakingly going through the lilo documentation. I have not
found in the documentation, on my computer or at sunsite, a single reference
to this back door into my computer. It is not even documented in the source
code.
The fact we have a back door that allows root acc
Linda MacPhee-Cobb wrote:
> Hi,
>
> I've been informed this is a 'feature' not a 'flaw'. sound like MS?
> Well its a PC. So lets firstly look at this objectively
> Got a screwdriver. Then you have root access.
> Floppy driver and the machine boots floppy first. Then you have root access
Be
They are correct. This is a feature. Booting into single user mode is
there to fix problems and restore lost passwords. Physical security is
important! There is a reason that important computers are in a locked data
center.
If I have physical access to your workstation I can boot from a Linu
Also, if you want to disable this just edit your /etc/inittab and remove the
single user runlevel. Or, put a password on the LILO prompt. But remember,
I can get around that with a boot disk. Like Red Hat said, use an
encryptable file system. Just be careful and don't forget your root
password
>
> I've been informed this is a 'feature' not a 'flaw'. sound like MS?
>
No, it doesn't.
The "linux single" or "linux 1" "security flaw" gets "spotted"
continuously, by people who don't realize that, given physical access to
the computer system, there's virtually *NO* way to protect from
Hi,
I've been informed this is a 'feature' not a 'flaw'. sound like MS?
rom ljcobb Fri May 11 19:
40:05 2001
Return-Path:
<[EMAIL PROTECTED]>
Delivered-To:
[EMAIL PROTECTED]
On Sat, 12 May 2001, Mary Gardiner wrote:
> Some loose notes from 'how to be a popular security flaw spotter,'
as opposed to an unpopular one ;)
> 1) Contact the authors/those responsible first.
This is a good point. Given that the flaw/exploit was posted to a
'beginner's list' I'd be pretty
On Fri, May 11, 2001 at 10:31:19PM +, Vincent Isaac West wrote:
> On Fri, 11 May 2001, Linda MacPhee-Cobb wrote:
>
> > I sent mandrake a bug report, but who should I send this information to? I
> > found it posted on a linux users list for beginners, so it is online for
> > crackers to fin
> I just found a huge security flaw that lets anyone take root control
> of your computer during boot.
> I sent mandrake a bug report, but who should I send this information
> to? I found it posted on a linux users list for beginners, so it is
> online for crackers to find. I found it whi
Can you send me more information on this "exploit"? Mandrake has a security
address on their page too. But if it's on a beginners list, I'd like to see
myself to make sure it's really a problem.
Jason
-Original Message-
From: Linda MacPhee-Cobb [mailto:[EMAIL PROTECTED]]
Sent: Friday,
On Fri, 11 May 2001, Linda MacPhee-Cobb wrote:
> I sent mandrake a bug report, but who should I send this information to? I
> found it posted on a linux users list for beginners, so it is online for
> crackers to find. I found it while searching for something else entirely.
Do you know if an
Hi,
I just found a huge security flaw that lets anyone take root control of your
computer during boot.
I sent mandrake a bug report, but who should I send this information to? I
found it posted on a linux users list for beginners, so it is online for
crackers to find. I found it while searc
I am pretty positive that this is a long shot for linux right now. Are there
Hi-Definition monitors available for computers yet? If they do, then will the
X servers support the high-resolution?
Thank you for any info.
--
Subba Rao
[EMAIL PROTECTED]
http://members.home.net/subba9/
GPG public k
24 matches
Mail list logo
