Rooting a local box

Steve Alligood steve at
Thu Apr 26 14:41:18 MDT 2007

You guys are confusing physical security with boot security.

It is true that if you have physical access to a system, you can get 
around any boot security, but you are missing the point that every OS 
will eventually be used with a serial or console connection.

If someone compromises the console server (often easier than it should 
be) then they have console access without physical access.  I would much 
rather have the minor inconvenience of single user requiring a password 
than make anything easier for a would-be cracker.

Nicholas Leippe wrote:
> On Thursday 26 April 2007, Stuart Jansen wrote:
>> On Thu, 2007-04-26 at 12:03 -0600, Nicholas Leippe wrote:
>>> On some distros, even single user asks for the root password. You can get
>>> past that by passing init=/bin/sh to the kernel. If you have /bin/bb,
>>> even better. Where to go from there is left as an exercise for the
>>> reader.
>> Using init=/bin/sh on modern systems with udev, etc. is not for the
>> faint of heart.
> Which is why I left it as an exercise for the reader. ;)
>> If your distro requires the root password to enter 
>> single user mode, it'd probably be easier to just boot from a rescue
>> disk. SUSE is an example of an annoying[1] distro that requires the root
>> password for single user mode, but in compensation the SUSE rescue disk
>> is kinda snazzy.
> Likewise for Gentoo, on both accounts.
>> [1] If you have enough access to reboot into single user mode, you've
>> got enough access to boot from alternative media or pull the drives.
>> Requiring the root password doesn't do much to improve security.
> Yep. When there's physical access to the box, all bets on security are off.
> /*
> PLUG:, #utah on
> Unsubscribe:
> Don't fear the penguin.
> */
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3241 bytes
Desc: S/MIME Cryptographic Signature
Url : 

More information about the PLUG mailing list