On Mon, 12 Oct 1998 05:21:25 -0700 (PDT), Kenneth Scharf wrote: >This is a security hole ONLY if someone has access to the machine >itself.
This is not exactly uncommon, especially in computer labs. >>What's wrong with giving LILO a kernel command line of "init=/bin/sh"? >This way >>you boot straight into sh, and you can then change the root password. [...] >Ouch, I tried it, it really works!!!! That means on a standard >Linux-machine, everybody could just switch off the power, give the >LILO-kernel option on reboot and be root??!! Why not simply drop the >need of a login password? You can give LILO the "password" option in lilo.conf so that people must enter a password when they try to specify different kernel options than the default ones. -- Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany +49-241-876892, +49-241-877776 (fax) * [EMAIL PROTECTED] * PGP ok!