Thanks a lot for help. i started the question not to hack any system but i was curious to know that in linux its easy to change the root passwd in this case the authenticity is a problem. still it can be changed by a boot CD even i think so u have apasswd for boot loader. so in this case what should be done? and also is there any other flaws which are openly known i am not intrested to destruct any system but want to know which is already known to ppl that if root passwd can be changed any other way also? thanks to all for helping me out regards, ankit --- Ray Olszewski <ray@xxxxxxxxxxx> wrote: > At 10:55 AM 4/1/2005 -0600, Eric Bambach wrote: > >On Wednesday 30 March 2005 08:36 am, Ray Olszewski > wrote: > > > Any other suggestion of how to become root > without knowing the root > > > password is a technique for breaking into > systems, and I (and I hope > > > everyone else) will not give advice on that > publicly, in this forum or > > > anywhere else. > > > >I respectfully disagree. How will sysadmins ever > know how to secure their > >systems unless they know HOW break-ins occur. > Certainly most hacking doesnt > >come from boot CDs but having a more informed > sysadmin is infinitely better > >than one that only discovers how to make their > system more secure *AFTER* > >being broken into. > > > >What you are saying is that security through > obscurity is good and there have > >been countless rebuttals on just how horrible > security though obscurity is in > >99% of the situations. The only reason for S.T.O. > is a company that found an > >exploit and is giving lead-time to the vendor to > patch their vulnerable > >software. > > I wasn't quite saying that, and I apologize if my > abbreviated presentation > led you down that path. My reluctance was specific > to this context, in > which someone was asking not how to secure a system, > but how to become root > without knowing the root password. That it was his > own system he wanted to > break into certainly is relevant, but, on a public > list, it is not the only > consideration. > > I do believe that sysadmins need to know how to > secure thair systems. There > are plenty of sites on the Internet, and books and > articles in print, that > offer this sort of help. And one can learn how to > secure systems without > receiving detailed tutorials in how to exploit > common holes (buffer > overflows, overprivileged daemons, weak passwords, > and so on). > > But I also believe that giving step-by-step > instructions for how to break > into systems, on a list intended for beginners, is > not the best way to make > this information public. That sort of help is a bit > more than fighting > "security through obscurity" by identifying > vulnerabilities, in my opinion > ... it amounts to tutoring crackers, something I > personally do not care to > do. Particularly in the context of the actual > question, which involved a > system that the poster (presumably) had physical > access to, so could retake > control of with a rescue disk. > > If you (and Tobias, and anyone else) feel > differently, then you should act > on your beliefs and provide this sort of information > on request, I suppose. > So I do apologize for the suggestion that my > personal view here should > restrict what you and others do. Please feel free to > provide any > information of this sort that you have, and be sure > I will not criticize > you for doing so. > > > - > : send the line > "unsubscribe linux-newbie" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at > http://vger.kernel.org/majordomo-info.html > Please read the FAQ at > http://www.linux-learn.org/faqs > __________________________________ Do you Yahoo!? Yahoo! Personals - Better first dates. More second dates. http://personals.yahoo.com - : send the line "unsubscribe linux-admin" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
