And this leads to the simple conclusion that if one has physical access to a computer, then security is largely out the window. Any clown could come in and bootup with a rescue disk (addressing the linux aspect) and do whatever to your drives. If they had the time, they could also bring in a set of linux distro disks and reinstall linux their way.
The only way to prevent this is to turn off the booting from CD in bios and password protecting bios, but then, with physical access it is trivial to kill the bios password (just crack the case and remove the mobo battery for a minute - bios settings are back to default and accessible without a password). Thus, I see no harm at all in hearing the means one would use to create a UID 0 person, append them to passwd and create an appropriately formatted/encrypted shadow password for them in /etc/shadow. praedor On Monday 03 June 2002 10:24 am, David Relson wrote: > At 11:00 AM 6/3/02, praedor wrote: > >Well? Pray-tell, how does one go about appending a new user to Passwd > > with UID 0? Altering Passwd should itself require root priviledges - I > > cannot even get in to single user mode to do damage without my root > > passwd. I haven't had to do it for a long time, but I believe this is > > also true when booting up with a CD and doing "rescue". > > Correct about UID 0... > > The rescue CD I use gives me root privileges. It wouldn't be useful > without them. At the very least I need to mount partitions so I can rescue > my system. mount requires root privileges. > > >Nonetheless, I would love to know how one could do as you describe. Fill > > us in please. > > I, too, am curious. > > David
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
