Don't forget to password protect lilo

Extracted from Web submission (buried in the lilo.conf manpage)
Tip provided by Tim Neu
[ note of the maintainer : if someone has *physical* access to your computer
-which is the case here if he can reboot and type things at lilo prompt-
then it means, even with this protection, that there is no security.
Why? Just think : someone just has to open you box, take your harddisk, and
plug it back in his own computer.
This trick is useful, but don't rely *only* on it ]

Remember to password protect your lilo configuration.  If you do not do this,
anyone can reboot your Linux box and take over your root account immediatly
(without a password), by typing linux init=/bin/bash ro at the lilo boot prompt

Just insert the keyword "restricted" in the linux section of your
and enter a password line to restrict access (See the lilo.conf man page).
This will allow the system to boot normally, but will not allow any boot
time configuration (i.e. bringing the system up in single user mode (i.e.
giving a root prompt without password authentication)
This is documented in lilo.conf, but is often missed.  This can be one way
of resetting the root account on a box without resorting to boot disks as

Follow-up :
| Previous | Next | Index of category | Main Index | Submit |

Appears in section(s) : disk security
Tip recorded : 07-02-1999 15:40:48
HTML page last changed : 27-07-1999 20:07:58