SCIENTIFIC-LINUX-USERS Archives

February 2012

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Nico Kadel-Garcia <[log in to unmask]>
Reply To: Nico Kadel-Garcia <[log in to unmask]>
Date: Sat, 4 Feb 2012 05:18:00 -0500

On Sat, Feb 4, 2012 at 2:22 AM, Yasha Karant <[log in to unmask]> wrote:
> On 02/03/2012 02:43 PM, Tom H wrote:

>> http://listserv.fnal.gov/scripts/wa.exe?A2=ind1202&L=scientific-linux-users&T=0&P=243
>>
>> but Yasha somehow decided that it would turn off the password prompt
>> for single-user mode when all it does is turn off plymouth and allow
>> someone in his situation (according to the Fedora bug) to enter the
>> root password.
>
>
> Please excuse my obvious misunderstanding, but the URL that was mentioned
> and that you repeat contains the statement:
>
> With rd_NO_PLYMOUTH I don't get a prompt for the password for the root
> filesystem encryption, but that's a minor matter relative to the problem
> itself.
>
> End quote.
>
> Not having a prompt for the password is what is stated.  Thus, I assumed
> that under a call to fsck during boot with an abnormal exit from fsck, the
> default behavior of rd_NO_PLYMOUTH would be to allow root access without a
> password during boot.  Admittedly, a boot root password under these

You are referring to the "root user", uid 0, the privileged
administrative user. The programs running on the console, or SSH
session, or telnet, or whatever, pass along the login to other tools
that authenticate and grant the user privileges: that's how a root
user normally logs in on a running system.

The quote is referring to the "root filesystem", which unfortunately
has a similar name, and refers to the contents of the "/" or so-called
"root" level at the top of the filesystem.

You do seem to have a problem with catching a phrase or description,
tying it to a separate and only tangentially related system, and
drawing a lot of conclusions. I sympathize, because tying together
tangentially related facts is how I've done some of my most cunning
work, but it can lead to serious confusion if you make an erroneous
link as occurred above.

> circumstances is little protection to a determined attacker who has physical
> access -- but it will deter the casual hacker.  By analogy, it is rather
> like a deadbolt lock on a wood frame and wood door without metal armor, a
> reinforced wall and door frame:  a determined attacker simply kicks in the
> door, but a casual thief finding the door locked and unwilling to break a
> window leaves.

> I have not done the experiment as if it fails, I do not want to have to go
> through the rescue DVD approach again unless I must.  Has anyone done the
> experiment with SL 6x and verified that rd_NO_PLYMOUTH allows for a
> successful request of a legitimate root password?
>
> Yasha Karant

You don't need to corrupt your disk to try this. Simply add a
mountpoint in /etc/fstab to a disk that does not exist, with it set
for an fsck check, as I previously described, and reboot with the
rescue DVD in hand. You can plan that.

I can't replicate this problem for you because I didn't have, and
don't have, the bug showing up on my system.
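
Added example, not part of the original message: a shell check for the condition the test above sets up, an fstab entry flagged for fsck whose device does not exist. The sample fstab and the device names `/dev/sl_test_missing` and `/dev/sl_test_nofsck` are constructed for illustration.

```shell
#!/bin/sh
# List fstab entries that request a boot-time fsck (sixth field non-zero)
# but whose device node is missing. These are the entries that make the
# boot-time fsck fail and lead to the root password prompt discussed above.

# Constructed sample fstab; the sl_test_* device names are made up.
sample_fstab() {
cat <<'EOF'
# device              mountpoint  type   options   dump pass
/dev/null             /           ext4   defaults  1    1
/dev/sl_test_missing  /mnt/test   ext4   defaults  1    2
/dev/sl_test_nofsck   /mnt/skip   ext4   defaults  0    0
tmpfs                 /dev/shm    tmpfs  defaults  0    0
EOF
}

# Reads fstab text on stdin, prints "device mountpoint" per problem entry.
missing_fsck_devices() {
    while read -r dev mnt fstype opts dump pass rest; do
        case "$dev" in ''|\#*) continue ;; esac      # blank line or comment
        case "${pass:-0}" in 0) continue ;; esac     # no fsck requested
        case "$opts" in *nofail*) continue ;; esac   # fsck skips missing nofail devices
        case "$dev" in
            UUID=*)  node="/dev/disk/by-uuid/${dev#UUID=}" ;;
            LABEL=*) node="/dev/disk/by-label/${dev#LABEL=}" ;;
            /*)      node="$dev" ;;
            *)       continue ;;                     # tmpfs, proc, NFS and similar
        esac
        [ -e "$node" ] || printf '%s %s\n' "$dev" "$mnt"
    done
}

# Audit the constructed sample. On a real host: missing_fsck_devices < /etc/fstab
sample_fstab | missing_fsck_devices
```

Running it against `/etc/fstab` before a planned reboot shows which entries would stop the boot at the fsck stage.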
