failsafe


Michel
Does any other linux-distrib have the failsafe option??

I don't want this option, it ruins the security. Everyone can become root easily. They just have to give the correct parameters to the kernel. How do I throw it out? Why does Mandrake put in something like that? It makes linux(-Mandrake) very insecure in my opinion. For people who don't remember their root-password. Then throw out the password, because everyone who wants to get in, gets in by using failsafe. Don't talk about lilo, or something.. Lilo is not the problem. I'm really really really annoyed by this. How do you throw failsafe out of the linux-distrib???

 

There shouldn't be any failsafe!!!!

Link to comment
Share on other sites

Does any other linux-distrib have the failsafe option??

 

Every linux distro has that 'feature' :lol:

 

Not as explicit as 'failsafe', but as 'linux single' or 'linux init 1' or something similar, either as a menu entry or through the lilo input line (I don't know about other boot loaders, but I guess it is similar).

 

It is just a way to go to the desired runlevel from the boot loader stage.

 

You can avoid this behavior by properly editing your /etc/lilo.conf file. For example, if you add a password= flag to a given image entry such as "failsafe", you are protecting it from undesired usage.

 

Also, to protect the 'linux single' stuff, you can add the flag "restricted" to your kernel image entries, thus preventing anyone from passing flags to the kernel at the lilo prompt.

 

man lilo.conf

 

If you are concerned about that 'flaw' in mandrake, then think about the BIOS. Is your BIOS protected by a password? If not, anyone can start your computer from a diskette or a CD and access as root your linux/windows/whatever you have installed.

 

Or, exaggerating a bit on this issue, is your computer protected against anyone with a screwdriver? ... Concluding: if anyone is able to physically access your computer, you are lost :wink:

Link to comment
Share on other sites
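The lilo.conf settings named in the reply above can be checked mechanically. The following is an added example, not part of the thread: a small Python audit that reports, for each boot entry, whether it has no password, a password that is only demanded when kernel parameters are typed at the prompt (restricted), or a password that is always demanded. It also flags a lilo.conf that holds a cleartext password= while being readable by group or others. The sample file, its label names and the EXAMPLE-ONLY password are constructed.

```python
import stat

SAMPLE_CONF = """\
# constructed sample, not taken from the thread
boot=/dev/hda
prompt
timeout=50
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    password=EXAMPLE-ONLY
    restricted
image=/boot/vmlinuz
    label=failsafe
    root=/dev/hda1
    append="failsafe"
"""

def parse(conf_text):
    """Return (global_opts, [section_opts]); bare flags are stored as True."""
    global_opts, sections = {}, []
    current = global_opts
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if key in ("image", "other"):         # a new boot entry starts here
            current = {}
            sections.append(current)
        current[key] = value.strip().strip('"') if sep else True
    return global_opts, sections

def audit(conf_text, file_mode=0o644):
    """Map each label to 'unprotected', 'restricted' or 'mandatory'."""
    global_opts, sections = parse(conf_text)
    report, has_password = {}, "password" in global_opts
    for sec in sections:
        merged = {**global_opts, **sec}       # global options apply to all images
        label = merged.get("label", merged.get("image", merged.get("other")))
        if "password" not in merged:
            report[label] = "unprotected"
            continue
        has_password = True
        is_restricted = merged.get("restricted") and "mandatory" not in sec
        report[label] = "restricted" if is_restricted else "mandatory"
    # password= is stored in cleartext: flag group/world access to the file
    exposed = has_password and bool(file_mode & (stat.S_IRWXG | stat.S_IRWXO))
    return report, exposed
```

On a real system the mode would come from os.stat("/etc/lilo.conf").st_mode, and lilo has to be re-run after any change to the file for it to take effect.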

You can remove the failsafe entry in Mandrake Control Center>Boot. Tick the Configure button. Then press OK in the popup window which brings up a second popup window giving all your lilo entries. Highlight the failsafe entry and tick the Remove button.

 

However, no system is secure against someone that has physical access to your computer. They could just as easily pop a knoppix cd in, reboot and get root access to all your files or walk off with the hard drive for that matter.

Link to comment
Share on other sites

Technically, it's not only for use for people that have forgotten their passwords. It's also necessary if you've screwed up configuration files and can't get in otherwise.

 

Anyway, as was mentioned, if someone can access your computer locally, removing the failsafe option doesn't make a lot of difference. If you're worried about security, you can do things like

 

1. Using an encrypted loopback filesystem

2. Using removable hard drives to contain your private directories.

3. Locking down the computer, and, either on the machine or the AC outlet, locking out access to power.

Link to comment
Share on other sites

The big problem with failsafe is that linux does ask a password for root-privileges (lilo-password is not encrypted)....I don't talk about hardware protection, just that the software wouldn't allow does, hardware is something else...I just would want that failsafe ask for the password...

Link to comment
Share on other sites

See that's the problem. I once accidentally changed root's default shell in /etc/passwd from /bin/bash[

 

This effectively kept me from logging in as root, or using su

 

If it hadn't been for init 1 required a password, I'd have been out of luck.

 

Edit: Corrected some typos

Link to comment
Share on other sites

I see why it exists, but I don't want it! In your situation: make a bootdisk (have not one myself....yet :), but this is how you can solve it probably without failsafe)...you can login as root then: for example: Tom's root-and-boot disk....problem solved I think

 

See that's the problem. I was once accidentally changed root's default shell in /etc/passwd from /bin/bash[

 

This effectively kept me from logging in as root, or using su

 

If it hadn't been for init 1

Link to comment
Share on other sites

Yeah, I use tomsrtbt, but that's like using a sledgehammer to kill a mosquito, in my opinion. And what's to keep someone from using a boot disk to access your computer?

 

init 1 has been around a long time. The fact that you want it gone isn't gonna make a whole lot of difference. Your best bet is simply to make sure that someone can't access AC power to turn the computer on.

Link to comment
Share on other sites

I've nothing against failsafe/init1,......like I said it only should ask for the rootpassword before someone can enter it. What would be the problem with this? You can still have a defaultshell for failsafe....just ask for the password.

 

Starting up and using failsafe is just like typing linux in lilo (like a normal way you could enter the system), but using a floppy is something different.

Link to comment
Share on other sites

Michel, why would you want to have the password?

 

This is a wrong idea of security, once someone has access to a machine (server or whatever), the security has been breached.

Anyone getting to a machine can get to the data.

Boot knoppix and you have full access, as PMPatrick has pointed out already. All servers at companies and universities etc. should be behind locked doors or in other ways inaccessible.

 

That someone with access to a machine can become root or get full access does not make that system insecure!!! Don't diss Mdk or any other distro maker over that!!

This is and should be the case for any system!

Yes it's a feature. Suppose a sysop gets fired, before he leaves he fixes up the system so no-one can get in. Now what?? So really, it's a feature! And should not be changed.

 

You can say: yes but with knoppix they don't have the same system running, and don't have my passwords etc.

 

Ok: I can put in the mdk install cd's, choose upgrade, not add any software, set root password, create 1 user, with an arbitrary name.

Reboot, then su to check which usernames are on the system (/home).

Create users with the same name. I now also have the passwords.

chown and chgrp on their files and directories if necessary.

Start their mail programs. If they use 'remember password' I can get all their mail.

It gets worse. If you use GPG or PGP or so, I can use that logged in as your username, and everyone will believe I really am you.

 

So real life secure systems are those that have no known remote exploits (no known=> nobody at all knows them) and are locked away in a vault that no-one can get into.

 

 

 

 

But to get to your question:

What about just taking out the failsafe option in /etc/lilo.conf (cp the old lilo.conf), then run lilo (so the bootmenu doesn't show it), then put the old one with the failsafe option back in place, but without running lilo.

 

If you should ever really need it, put in the first cd, choose 'repair', then repair bootloader, et voila.

 

Next to that, please reread aru's post, and find walhalla there, because he actually mentioned everything that you asked for afaics.

Did you do:

man lilo.conf

to get started?

Link to comment
Share on other sites

Yes I looked at lilo.conf multiple times, but every time thought...this isn't the problem, but will see....Thanks everyone for the comments...Next time, when I come to somebody's home (of a linux newbie), I'll start up his system, choose failsafe and get root privileges....Nice impression..Yes, but you let me in...:) Last question? What if you have a network?? Is there a failsafe on every computer???

Link to comment
Share on other sites
