On Wed, Feb 25, 2009 at 12:02:58AM -0500, Michael Gilbert wrote:
> package: debian-installer
> severity: important
> tags: security
>
> there is now an option in the expert mode of the debian-installer that
> allows the user to install their system without a root account
> (replacing it with sudo privileges for the default user). this exposes
> a loophole that enables local attackers to easily obtain root access.

There are several ways in which a local attacker can get root access.
'init=/bin/bash'. Boot with the 'emergency' option (which causes
sysvinit to do almost the same thing as 'init=/bin/bash'). Boot a
live-CD, chroot into the target system. Worst case, remove the disk from
the system, put it in a different machine, and chroot from there.

While it may be a bug, I don't think an additional way to do this
warrants this to be tagged 'security'. YMMV, of course.

--
<Lo-lan-do> Home is where you have to wash the dishes.
  -- #debian-devel, Freenode, 2004-09-22