TCLUG Archive

Re: [TCLUG:3932] LILO feature / exploit



On Fri, 5 Feb 1999, Peter Lukas wrote:
[snip]
>    Anyway, the loophole in lilo is that if you're dual-booting, or even
> have prompt set (or not), you can hit tab or shift or whatever to get to
> the boot: option.  From there, LILO will tell you what your boot options
> are.  Let's pretend that your working kernel label is "Linux"  A common
> parameter is to use this:
> 

The "password" and "restricted" options are also useful.  These options are
specified per-image.  From the man page:

       password=password
              Protect the image by a password.

       restricted
              A password is only required to boot the image if parameters are  
              specified on the command line (e.g. single).

Just make sure you make /etc/lilo.conf readable only by root.  And, by all
means, don't use the same password as root.  If someone actually does find
an exploitable setuid root binary, we wouldn't want it to be so easy for
them to get the root password (since it's stored in plain text in
lilo.conf).

Something else I noticed is that RedHat comes configured so that if you
boot with "single" it will simply drop you into a bash shell.  To fix this,
add a line such as the following to your /etc/inittab:

	co:S:wait:/sbin/sulogin /dev/console

--Mark

==========================================================================
Mark A Bentley                  Email:  bentlema@cs.umn.edu
Systems Staff, CSci Dept
University of Minnesota         URL:    http://www.cs.umn.edu/~bentlema/
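
An added example, not part of the original message: a small shell audit for the three settings discussed above (lilo.conf permissions, a password on every image, and sulogin for runlevel S). The function names, the sample files and the placeholder password are constructed for illustration; treating a `password=` in the global section as covering all images follows lilo.conf(5).

```shell
#!/bin/sh
# Added example: audit the boot-hardening settings from the message above.
# The sample files written below are constructed for the demonstration.

# Succeeds only if FILE exists and grants no access to group or others.
conf_is_private() {
    [ -f "$1" ] && [ -z "$(find "$1" -prune \( -perm -040 -o -perm -020 \
        -o -perm -010 -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Prints the label of every image= / other= section without a password=.
# A password= in the global section (before the first image) covers all images.
unprotected_images() {
    awk '
        function report() { if (in_img && !pw) print name }
        { sub(/#.*/, ""); gsub(/[ \t]/, "") }      # strip comments and blanks
        /^(image|other)=/ { report(); in_img = 1; pw = gpw; name = $0; next }
        /^label=/         { name = substr($0, 7) }
        /^password=/      { if (in_img) pw = 1; else gpw = 1 }
        END               { report() }
    ' "$1"
}

# Succeeds if inittab runs sulogin for runlevel S, as in the co: line above.
single_user_guarded() {
    awk -F: '!/^[ \t]*#/ && $2 ~ /S/ && $4 ~ /sulogin/ { ok = 1 }
             END { exit !ok }' "$1"
}

# Constructed sample configuration (placeholder password, not from the post).
d=$(mktemp -d)
cat > "$d/lilo.conf" <<'EOF'
prompt
image=/boot/vmlinuz
    label=Linux
    password=EXAMPLE-not-root-pw
    restricted
other=/dev/hda1
    label=dos
EOF
chmod 644 "$d/lilo.conf"
printf 'id:3:initdefault:\n' > "$d/inittab"

conf_is_private "$d/lilo.conf" || echo "lilo.conf: readable by non-root users"
for l in $(unprotected_images "$d/lilo.conf"); do
    echo "lilo.conf: image '$l' has no password"
done
single_user_guarded "$d/inittab" || echo "inittab: runlevel S lacks sulogin"
```

On a real system, point the three functions at /etc/lilo.conf and /etc/inittab; changes to lilo.conf take effect only after /sbin/lilo is rerun.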