On Fri, 31 Mar 2006 09:21:13 EST, Michael Holstein said: > > Trivial to defeat. Just boot in to single user mode with these kernel > > options: > > single init=/bin/bash > > Again .. only due to initial misconfiguration. > > Nobody should allow alternate switches to be passed to the kernel at > boot .. either by password-protecting the bootloader, or via firmware > (as with OpenBoot). Of course, if you're that paranoid, you *did* configure whatever the machine uses for a BIOS to only boot off the intended hard drive, right? ;) (It's amazing how many boxes I've found that forget that step, so a CD and enough time to hit the RESET button are enough to get you in. And if you have any smarts at all, you don't even need to hang around at the console after you hit reset. It's not that hard to get a Knoppix to start an sshd. :)
Attachment:
pgpCl29qQoHFh.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/