Hi,

sulogin is just one of the measures to make sure that
you make it slightly harder (hopefully) for someone
trying to illegally gain access to your system. Again,
someone has to have physical access to the system to
get into the single user mode (?) and as such IMO,
physical security is just as important as any
other security measure. Hacking Linux Exposed has
more on how to take possible precautions against the
more common attack methods.

Cheers!
Santhosh




--- Mahesh Aravind <ra_mahesh at yahoo.com> wrote:

> BKR and Santosh,
> 
> You both are right.  But there still is a
> (so-called) fool-proof way to crack
> root.
> 
> It works ONLY IF the bootloader is NOT
> password-protected.
> 
> 
> See the attachment (err... I actually sent it to
> LFY, but they didn't print
> it.)
> 
> 
> --
> Mahesh Aravind
> 
> 
> « Les cons peuvent être vaincus mais ils n'admettent
> jamais l'être. »
> ("Idiots can be defeated but they never admit it.")
>       -- Richard M. Stallman
> ========================================================================
>  International                 |   Install Linux.   |  Register yourself at:
>  GNU/Linux user #371671        |  Lead a GNU Life!  |  http://counter.li.org/
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> http://mail.yahoo.com
>
> <?xml version="1.0" encoding="iso-8859-1" ?>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
> 
> 
> <!--
> $Author: maravind $
> $Date: 2006/05/13 06:25:59 $
> $Revision: 1.1 $
> 
> $Id: lfy-tips2.html,v 1.1 2006/05/13 06:25:59
> maravind Exp maravind $
> -->
> 
> <html xmlns="http://www.w3.org/1999/xhtml" lang="en">
> <head>
> <title>2&cent; Tips for LFY</title>
> <meta http-equiv="Content-Type"
> content="text/html; charset=utf-8" />
> <style type="text/css">
> <!--
> pre {
> color: rgb(64,64,64); /* Gray25 */
> background-color: rgb(211,211,211); /* LightGray */
> width:90%;
> padding: 10px;
> border: 2px solid rgb(138,43,226); /* BlueViolet */
> }
> -->
> </style>
> </head>
> <body bgcolor="white">
> <h1 align="center">2&cent; Tips for LFY</h1>
> <h5 align="right">Contributed by <br/>
> Mahesh Aravind &lt;ra_mahesh at yahoo.com&gt;</h5>
> 
> <!--
> 
> ------------------------------------------------------------------------
> 
> -->
> 
> <hr/>
> <h3>Tip #1: Cracking <tt>root</tt> (the fool-proof
> way)</h3>
> 
> <blockquote>WARNING: Works only if your bootloader
> is <em>not</em>
> password protected.</blockquote>
> 
> <p>Alright, your memory is equal to a
> less-than-average gifted 3-year
> old child and you forget your root password every
> two days.  Any
> GNU/Linux FAQ has this question
> <q>What if I forget the root password?</q>.  And
> they tell you to boot
> into single user mode (with either <tt>1</tt> or
> <tt>single</tt> or
> <tt>S</tt> appended to your <tt>kernel...</tt>
> commandline in the
> bootloader) and do some magic there.</p>
> 
> <p>But what if your distro is setup so that it
> demands the root password
> <em>even</em> in the single user mode?  A
> chicken-and-egg situation?
> Nope!  There still is a fool-proof method to crack
> root.  You just have
> to trust your hacker skills. </p>
> 
> <p>Go to the bootloader edit screen (in GRUB, press
> <tt>e</tt> against
> your distro's name, <tt>e</tt> again against the
> <tt>kernel...</tt>
> line).  Check for the following words:</p>
> 
> <pre>
> ... init=/etc/init ...
> </pre>
> or
> <pre>
> ... init=/sbin/init ...
> </pre>
> 
> <p>If you don't find it, it's okay.  You could
> add/change those words
> to (position in the command-line does not
> matter):</p>
> 
> 
> <pre>
> ... init=/bin/bash ...
> </pre>
> 
> <p>In GRUB, press Esc, and then <tt>b</tt> to boot
> the edited
> commandline.  After the initial kernel boot
> messages, you'll see the</p>
> <pre>
> init-2.05# 
> </pre>
> 
> <p>boot prompt.</p>
> 
> <p>The attentive reader can see that we've
> <em>completely</em> bypassed
> the <code>init(8)</code> facility and have been
> dropped directly into
> <code>bash(1)</code> <em>disguised</em> as
> <code>init(8)</code>.
> Naturally, since we've out-smarted
> <tt>inittab(5)</tt> and other
> start-up scripts, the filesystem is mounted
> read-only!</p>
> 
> <p>&there4; In order to mount it read-write, do:</p>
> 
> <pre>
> init-2.05# <b>mount -w / -o remount</b>
> </pre>
> 
> <p>Uhmm&hellip; Now we've a read-write filesystem. 
> This is necessary to
> edit the files (esp. <tt>/etc/passwd</tt>).  Now,
> <strong>delete</strong> the root password by giving
> the simple
> command:</p>
> 
> <pre>
> init-2.05# <b>passwd -d root</b>
> </pre>
> 
> <p>Technically, we've <em>CRACKED THE
> <tt>ROOT</tt></em>!  Now, do a
> <code>sync(8)</code> for insurance and
> <code>reboot(8)</code>.</p>
> 
> <pre>
> init-2.05# <b>sync</b>
> init-2.05# <b>shutdown -r now</b>
> </pre>
> 
> <p>When the system comes up, you'll have no root
> password.  But, in my
> case, I'll still have to log-in as a normal user and
> <code>su</code> to
> root; since I've blanked out my
> <tt>/etc/securetty</tt>.</p>
> 
> <hr />
> 
> <h3>Tip #2: Bypassing <tt>alias</tt></h3>
> 
> <p>If the commands you use daily (like <tt>ls</tt>)
> are <tt>alias</tt>'d
> to a value you don't like, try adding a '<tt>\</tt>'
> in front of the
> command to yield the non-<tt>alias</tt>'d (original)
> version.
> 
> <pre>
> dulcinea:~&gt; <b>rm some-file.txt</b>
> rm: remove regular file `some-file.txt'? n
> dulcinea:~&gt; <b>alias rm</b>
> alias rm='rm -i'
> dulcinea:~&gt; <b>\rm some-file.txt</b>
> dulcinea:~&gt;
> </pre>
> 
> <hr />
> <h3>Tip #3: Saving memory</h3>
> 
> <p>Some of you comment out unused VCs in
> <tt>/etc/inittab</tt> to free
> off some kernel memory.  But what you don't know is
> that this memory
> isn't at all <tt>free()</tt>'d by the kernel.  So
> next time you do
> a:</p>
> 
> <pre>
> <i># /etc/inittab</i>
> ...
> 
> # Run gettys in standard runlevels
> 1:2345:respawn:/sbin/mingetty tty1
> 2:2345:respawn:/sbin/mingetty tty2
> # 3:2345:respawn:/sbin/mingetty tty3
> # 4:2345:respawn:/sbin/mingetty tty4
> # 5:2345:respawn:/sbin/mingetty tty5
> # 6:2345:respawn:/sbin/mingetty tty6
> ...
> </pre>
> 
> <p>Remember that even if 'getty' is not spawned in a
> <tt>tty</tt>, the
> memory is used by the kernel.</p>
> 
> 
=== message truncated ===
> 
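Added example (not part of the original thread, and not either poster's code): a shell audit for the two protections the thread names, a bootloader password and sulogin in single-user mode. The sample files are constructed; the GRUB legacy `password` line before the first `title`, the GRUB 2 `superusers` check and the `~~:S:wait:/sbin/sulogin` inittab entry are assumptions about those configuration formats, not taken from the thread.

```shell
#!/bin/sh
# Added example: audit for a bootloader password and sulogin (assumed formats).

# Returns 0 if the GRUB config locks its edit screen: GRUB legacy needs a
# global "password" line before the first "title"; GRUB 2 needs
# "set superusers=" plus a password/password_pbkdf2 line.
check_grub_password() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "title" { entry = 1 }
        $1 == "password" && !entry { legacy = 1 }
        $1 == "set" && $2 ~ /^superusers=/ { su = 1 }
        $1 == "password" || $1 == "password_pbkdf2" { anypw = 1 }
        END { exit !(legacy || (su && anypw)) }
    ' "$1"
}

# Returns 0 if inittab runs sulogin for single-user mode (runlevel S).
check_sulogin() {
    awk -F: '
        /^[ \t]*#/ { next }
        $2 ~ /[Ss]/ && $4 ~ /sulogin/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Reports both checks; the return status is the number of missing protections.
audit_boot() {
    missing=0
    check_grub_password "$1" || { echo "WARN $1: no bootloader password, kernel line is editable"; missing=$((missing + 1)); }
    check_sulogin "$2" || { echo "WARN $2: single-user mode does not ask for the root password"; missing=$((missing + 1)); }
    [ "$missing" -eq 0 ] && echo "OK: bootloader password and sulogin both present"
    return "$missing"
}

# Writes constructed sample files (not from any real system) into directory $1.
make_samples() {
    printf 'default 0\ntimeout 5\ntitle Linux\n  root (hd0,0)\n  kernel /vmlinuz ro root=/dev/hda1\n' > "$1/menu.lst.open"
    printf 'default 0\npassword --md5 CONSTRUCTED-HASH-PLACEHOLDER\ntitle Linux\n  kernel /vmlinuz ro root=/dev/hda1\n' > "$1/menu.lst.locked"
    printf 'id:3:initdefault:\n~~:S:wait:/sbin/sulogin\n1:2345:respawn:/sbin/mingetty tty1\n' > "$1/inittab.sulogin"
    printf 'id:3:initdefault:\n1:2345:respawn:/sbin/mingetty tty1\n' > "$1/inittab.plain"
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_boot "$tmp/menu.lst.open" "$tmp/inittab.sulogin" || true
audit_boot "$tmp/menu.lst.locked" "$tmp/inittab.sulogin" || true
rm -rf "$tmp"
```

The first run warns only about the bootloader: sulogin alone does not help when the kernel line can still be edited, which is the condition the quoted tip depends on.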

