From mjschack on Mon, 21 Feb 2000
In reference to your explanation of how to recover a lost password in the current issue of the Linux Gazette, there is a simpler method.
For instance, if your kernel is labeled "linux," you could reboot (assuming you're currently using the system), type "linux 1" at the boot prompt, boot to single-user mode, type "passwd" when at the prompt and then enter a new password. To get it all in one logical sequence, the next command could be "telinit 3" or, if XDM is running the show, "telinit 5." "Telinit 6" in this scenario wouldn't be necessary, since no volatile changes to the disk have been made.
Just my two cents.
That will work on some Linux distributions under some configurations. However, most modern distributions use an "sulogin" utility to password protect the single user mode.
The steps I gave will handle most systems. Two cases that are likely to interfere with the procedure I outlined would be:
- System has a LILO password enabled to prevent passing over-ride parameters to the kernel
  - System has a CMOS password in place to prevent booting from floppy and other removable media.
- System has ppdd (privacy protected disk driver) installed and the root filesystem is encrypted.
There are ways to get around the second part of problem #1 --- (which bypasses the LILO password). However, scenario #2 would be VERY difficult to get around.
The number of systems that are actually secured to this degree is way less than 1%. This is actually a bit of a pity in some ways, since users don't REALLY know if their computer workstation, left unattended in their open cubicle, is trustworthy when they sit down at it in the morning and type their passwords into it. Ultimately this means that most businesses have somewhat limited accountability --- they can't definitively assert that a given user was the one who used a particular account to violate some policy. This is a limitation of PCs (and most other commonly available workstations) that has nothing to do with the OS.
As I've described, it's possible to lock down a PC running Linux so that it takes some pretty studly work to get into it. However, it's pretty rare.
Incidentally, the MBR in recent Debian Potato releases may be insecure with respect to scenario #1. There was a feature added that allows one to bypass CMOS boot restrictions and boot from floppy by pressing the appropriate key sequence in the MBR boot loader.
This was discussed a couple of weeks ago on the Bugtraq security mailing list. It is possible to over-ride this default using options to the Debian install-mbr command. See its man page for details.
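As an added illustration that is not part of either message above, here is a constructed /etc/lilo.conf fragment showing the first countermeasure the reply lists (a LILO password with "restricted", so that "linux 1" or "linux init=/bin/sh" at the boot prompt is refused without the password), together with a small POSIX sh audit that reports whether a given lilo.conf has that pair in its global section. The sample configs, the placeholder password and the function names check_lilo_conf and write_samples are my own constructions; the check deliberately looks only at the global section, not at per-image "restricted" lines.

```shell
#!/bin/sh
# Added example (not from the original exchange): audit a lilo.conf for the
# global "password=" / "restricted" pair that blocks boot-prompt overrides.
#
# check_lilo_conf FILE
#   exit 0  - password= and restricted both set globally (recommended)
#   exit 1  - password= set but no restricted (every boot will prompt)
#   exit 2  - no global password at all (override parameters accepted freely)
check_lilo_conf() {
    awk '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }  # drop comments, trim
        /^(image|other)[ \t]*=/ { exit }                   # end of global section
        /^password[ \t]*=/      { pw = 1 }
        /^restricted$/          { r = 1 }
        END { if (pw && r) exit 0; if (pw) exit 1; exit 2 }
    ' "$1"
}

# write_samples DIR: constructed lilo.conf samples for the three outcomes.
write_samples() {
    cat > "$1/hardened.conf" <<'EOF'
# constructed sample; keep the real file mode 600, the password is cleartext
boot=/dev/hda
prompt
timeout=50
password=examplepw        # placeholder, not a real password
restricted                # prompt for it only when parameters are passed
image=/vmlinuz
        label=linux
        root=/dev/hda1
        read-only
EOF
    cat > "$1/pw-only.conf" <<'EOF'
boot=/dev/hda
prompt
password=examplepw
image=/vmlinuz
        label=linux
        root=/dev/hda1
EOF
    cat > "$1/weak.conf" <<'EOF'
boot=/dev/hda
prompt
timeout=50
image=/vmlinuz
        label=linux
        root=/dev/hda1
        restricted            # per-image only; global section has no password
EOF
}

# Stand-alone demo: write the samples to a temp dir and report on each.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in hardened pw-only weak; do
    check_lilo_conf "$demo_dir/$f.conf"
    echo "$f.conf: status $?"
done
rm -rf "$demo_dir"
```

Two caveats the reply implies but does not spell out: /etc/lilo.conf must be mode 600 once it carries a password, and /sbin/lilo has to be rerun after the edit or the installed boot loader does not change. Neither setting helps against the CMOS part of the same scenario, since booting from a floppy never consults lilo.conf.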