[TUHS] shell escapes in utilities

Grant Taylor via TUHS tuhs at tuhs.org
Wed Aug 2 13:01:05 AEST 2023

On 8/1/23 1:55 PM, Niklas Karlsson wrote:
> What you did with that RS/6000 sounds roughly equivalent to booting 
> a modern Linux box in single-user mode, where you can also set the 
> root password to anything you like.

I think that's *HIGHLY* dependent on the distribution.  Some systems 
make it harder than others to get into single user mode.  I feel like 
"sulogin" comes into play here.

The thing that I used to do is append "init=/bin/sh" to the GRUB boot 
line via the transient editor.  Drops you at a shell and bypasses almost 
all of the startup scripts.  Obviously there are ways to secure against 
this.  But, again, it depends on the distro.

Grant. . . .

More information about the TUHS mailing list