[techtalk] Re: techtalk digest, Vol 1 #445 - 11 msgs

Mandi mandi at linuxchick.org
Fri May 11 23:14:36 EST 2001


"init 1" isn't meant to be "a hidden way in".  If you're logged in
remotely, it's not a way in at all, because running it will shut down all
networking on the host and kick your butt out.

Not to mention that you have to be a superuser to run init anyway.

Init exists in all System V based unices as a way for someone at the
console to get into the system.  Now, if you're used to a Windows
environment, the only way you'll ever (legitimately) interact with the
host as a whole is at the console.  However, because Unices allow remote
access, in most cases only the sysadmin will ever be at the console.
Meaning, only the sysadmin is going to be able to sit AT THE MACHINE and
interact with it via the host's own input/output devices (keyboard, mouse,
monitor).

Now, if this were really an M$ style "exploit", there would be no way to
get around it, and it would be remotely exploitable.  Not to mention that
you can get the administrator password on a win2k or nt box in a matter of
hours (in many cases) with L0phtcrack anyway, so why would you need to
reboot? :)

For desktop unix, if you have need to worry about the physical security of
the hosts you are deploying, get rid of init 1 in /etc/inittab.  Comment
out the lines about runlevel 1.  You can also password protect LILO.
There are some instructions here:
http://lists.linux-india.org/lists/ilug-c/200104/msg00009.html
(I looked up ""init 1" linux password protect" on google.)

Make sure you change the /etc/lilo.conf file to mode 0400.

--mandi

On Fri, 11 May 2001, Linda MacPhee-Cobb wrote:

>
> But again, if it is a 'recovery thing' where is the documentation?  Why
> wasn't it clearly in the manual?
>
> Why bother having passwords if anybody can get around them?  Don't you think
> that by putting encrypted passwords on a computer one would be led to
> believe that a password was needed to gain entry?  Especially since linux
> makes such a big deal about how secure it is.
>
> Yes you can pull out the hard drive and stick it in another machine.  You
> can take a crow bar to my back door and get in my house as well.
>
> But if all your neighbors had a pass key to your house when you bought it
> and you were not told about it wouldn't you feel a bit violated?
>
> That is how this is... a hidden way in, and it leads one to wonder what else
> is hidden and why.
>
> Linda
>
>
> >From: Angela Nash <Chick at the-nashes.net>
> >To: 'Linda MacPhee-Cobb' <prettyphysicslady at hotmail.com>,
> >techtalk at linuxchix.org
> >Subject: RE: [techtalk] Re: techtalk digest, Vol 1 #447 - 11 msgs
> >Date: Fri, 11 May 2001 22:32:10 -0400
> >
> >This isn't a LILO thing.  This is an "init" thing.  When you type "linux 1"
> >or "linux s" at the LILO prompt it is passing the 1 or s parameter to the
> >kernel, which hands it to the init process.  The init process then finds
> >this runlevel in the /etc/inittab and executes the processes.  This is how
> >the other runlevels operate too.  So if you want to remove it you need to
> >edit the /etc/inittab file.
> >
> >This isn't a backdoor.  It's a recovery procedure.  Almost every UNIX type
> >system has the same thing.  Physical security is every bit as important as
> >passwords and file permissions.  You can either remove this runlevel from
> >the inittab file, or just add a password to the LILO prompt.  But, if I
> >have a bootdisk I can get by both unless you encrypt the filesystem.
> >
> >Jason
>
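
A small audit of the three settings the message recommends (runlevel 1 entries in /etc/inittab, a LILO password, and mode 0400 on /etc/lilo.conf), as an added example that is not part of the original post. The function names are hypothetical, and the two files are passed as arguments so the checks can be run against copies.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print active (uncommented) inittab entries whose runlevels field includes 1.
# Entry format: id:runlevels:action:process
runlevel1_entries() {
    awk -F: '$0 !~ /^[ \t]*#/ && NF >= 4 && $2 ~ /1/' "$1"
}

# Succeeds if lilo.conf has an uncommented password= directive.
lilo_has_password() {
    grep -Eq '^[[:space:]]*password[[:space:]]*=' "$1"
}

# Succeeds if the file is mode 0400. LILO keeps the password in clear text
# in lilo.conf, so only the owner should be able to read it.
is_mode_0400() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-r--------" ]
}

# Print one line per finding; return non-zero if anything was found.
audit_console_access() {
    inittab=$1 lilo=$2 findings=0
    entries=$(runlevel1_entries "$inittab")
    if [ -n "$entries" ]; then
        echo "FINDING: active runlevel 1 entries in $inittab:"
        echo "$entries" | sed 's/^/    /'
        findings=$((findings + 1))
    fi
    if ! lilo_has_password "$lilo"; then
        echo "FINDING: no password= directive in $lilo"
        findings=$((findings + 1))
    fi
    if ! is_mode_0400 "$lilo"; then
        echo "FINDING: $lilo is not mode 0400"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Run as: sh audit.sh /etc/inittab /etc/lilo.conf
if [ "$#" -eq 2 ]; then
    audit_console_access "$1" "$2"
fi
```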





