rationale of root access from boot
Nicolas Deschildre
ndeschildre at gmail.com
Sun Nov 4 10:00:20 UTC 2007
On 11/4/07, Paul <paulvgenderen at gmail.com> wrote:
> try init=/bin/bash, now do you think Linux is insecure because it has an
> init parameter?
My point was not about the parameter itself. My point was about the
ability to edit the kernel parameters while booting.
IIRC lilo won't allow you that.
>
> Op zondag 04-11-2007 om 11:20 uur [tijdzone +0800], schreef Nicolas
> Deschildre:
> > hi!
> >
> > I was wondering about the rationale of allowing anyone to easily boot
> > root (by adding the 'single' parameter to the kernel command line with
> > grub).
> >
> > While I can understand it on a server, which must be physically
> > protected to be really secure, IMO it is pretty bad on workstations.
> >
> > I know that with some knowledge and perseverance, one can anyway get
> > root access (Live CD, or if BIOS locked or no CD drive, open the box,
> > take the drive), but here, with the 'single' parameter, it is an easy
> > and discrete open door *out of the box*. IMO this is pretty bad
> > security.
> >
> > Nicolas
> >
>
>
More information about the Ubuntu-devel-discuss
mailing list