[TUHS] shell escapes in utilities

Niklas Karlsson nikke.karlsson at gmail.com
Wed Aug 2 13:42:49 AEST 2023

Den ons 2 aug. 2023 kl 05:01 skrev Grant Taylor via TUHS <tuhs at tuhs.org>:

> On 8/1/23 1:55 PM, Niklas Karlsson wrote:
> > What you did with that RS/6000 sounds roughly equivalent to booting
> > a modern Linux box in single-user mode, where you can also set the
> > root password to anything you like.
> I think that's *HIGHLY* dependent on the distribution.  Some systems
> make it harder than others to get into single user mode.  I feel like
> "sulogin" comes into play here.
> The thing that I used to do is append "init=/bin/sh" to the GRUB boot
> line via the transient editor.  Drops you at a shell and bypasses almost
> all of the startup scripts.  Obviously there are ways to secure against
> this.  But, again, it depends on the distro.

Sure. Like I said, there are ways and means to avoid this. Not going to
argue against that.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tuhs.org/pipermail/tuhs/attachments/20230802/a764dc6d/attachment.htm>

More information about the TUHS mailing list