[TUHS] shell escapes in utilities
Niklas Karlsson
nikke.karlsson at gmail.com
Wed Aug 2 13:42:49 AEST 2023
Den ons 2 aug. 2023 kl 05:01 skrev Grant Taylor via TUHS <tuhs at tuhs.org>:
> On 8/1/23 1:55 PM, Niklas Karlsson wrote:
> > What you did with that RS/6000 sounds roughly equivalent to booting
> > a modern Linux box in single-user mode, where you can also set the
> > root password to anything you like.
>
> I think that's *HIGHLY* dependent on the distribution. Some systems
> make it harder than others to get into single user mode. I feel like
> "sulogin" comes into play here.
>
> The thing that I used to do is append "init=/bin/sh" to the GRUB boot
> line via the transient editor. Drops you at a shell and bypasses almost
> all of the startup scripts. Obviously there are ways to secure against
> this. But, again, it depends on the distro.
>
Sure. Like I said, there are ways and means to avoid this. Not going to
argue against that.
Niklas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tuhs.org/pipermail/tuhs/attachments/20230802/a764dc6d/attachment.htm>
More information about the TUHS
mailing list