Jump to content

Recommended Posts

Posted

As far as I can tell, not being a Linux expert, it won't do anything stupid and it *might* work. Give it a go, it won't do any harm, just make a note of what your GRUB menu entry said before you changed it.

Reminds me of the giant gaping hole in Ubuntu, I believe they've closed it now, but it used to be the case that if you'd never changed your root password (you're discouraged from messing with root at all), the recovery console didn't need a password. In short what this meant is you could boot a system, drop to recovery, passwd and reboot. Pretty stupid stuff.

Posted

neat, but thing is you would need physical access to the machine. i dont think iv ever seen a linux box in person besides the ones i run. maybe people in the industry would be more likely to run into them.

Posted

If you have physical access it is over, period. Even if you can't access the OS, just grab the hard drive and go. Technically even encryption is vulnerable, just takes a "little" time.

Posted

This is not a hack, this is how it's supposed to be. It does work, because it's intended to. To prevent some one doing this password protect GRUB.

Posted
This is not a hack, this is how it's supposed to be. It does work, because it's intended to. To prevent some one doing this password protect GRUB.

+1 dude excellent reply :)

Posted

Konboot isn't really the same. Booting Linux with init set as a console basically boots the kernel then when the kernel tries to start init (essentially the 'start ever other service the operating system needs' program) it runs bash as root instead (you can set init to be any linux binary really). Konboot on the other hand is essentially a memory resident rootkit that changes how the operating system functions, admittedly it only changes one aspect, but it's the aspect that matters.

Posted

I didn't fully watch the link just got the jist of it and it reminded me of kon-boot. Either way you can get a root prompt in well under a min.

Posted

I condone konboot. I think it's awesome. I have used it at least 20 times, and all for good.

1. getting into windows boxes quickly cause some teenage chick forgets her password

2. Once used it on a business linux box because the admin said F&*k you all! and walked out the door (no pw writedowns)

3. Great tool for the uber paraniod. Think about it. you type in the most stupid hard long password and just.. forget it! keep in on a usb key and that's it.

Posted

That's the beauty of Linux, making things easier and flexible to the end user.

No need to use third party utilities to reset the password.

Posted
That's the beauty of Linux, making things easier and flexible to the end user.

No need to use third party utilities to reset the password.

There's a difference between "vulnerable to a third party bootdisc" and "leaving the keys under the mat".

This is the latter.

Why even bother?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...