Everhart,Glenn From: Juergen Schmidt [ju@CT.HEISE.DE] Sent: Tuesday, April 14, 1998 10:36 AM To: BUGTRAQ@NETSPACE.ORG Subject: Re: obsd boot hack (boot-modified-kernel-attack) > Linux systems using LILO to boot are not vulnerable although Sparc > Linux with SILO is vulnerable to a similar "boot-modified-kernel-attack" > unless they are utilize a boot a password in the /etc/silo.conf > configuration file. > (thanks to Jon Paul Nollmann for Linux Q & A) While it is true that Linux/LILO is not vulnerable to this specific attack, it should be noted, that gaining root on a Linux box via LILO boot-prompt is even easier: you don't even need a modified kernel. Giving an init=/bin/sh as boot parameter invokes the shell instead of init. After executing the necessary init-scripts manually, you have full root-access to the machine. To avoid this, you should add "RESTRICTED" and set a password in your lilo.conf, which is then required to set any boot-options (don't forget, to make /etc/lilo.conf read-only for root, it contains the password in clear text) bye, juergen Juergen Schmidt Redakteur/editor c't magazin Verlag Heinz Heise GmbH & Co KG, Helstorferstr. 7, D-30625 Hannover EMail: ju@ct.heise.de - Tel.: +49 511 5352 300 - FAX: +49 511 5352 417