Tiny Core Base > TCB Q&A Forum

Big security flaw with custom user and noautologin

<< < (3/3)

danielibarnes:
Not if you already set the passwords with "secure." If you examine /etc/init.d/tc-config you will see that it uses chpasswd to set the passwords. There are three different ways to set passwords:
1) Boot with the "secure" boot parameter,
2) Use chpasswd, or
3) Use passwd.

baz:
awesome possum - can we rename "secure" to "setpassword"

moB:

--- Quote from: danielibarnes on February 26, 2010, 02:14:24 PM ---once you save the password in /etc/shadow you only need the noautologin boot parameter.

--- End quote ---

Suppose one could still boot to CMD only (noX) edit shadow so passwords are blank ("root::...") done this before when passwords were lost (old OS hadn't been in use, but I needed to access some files...)

Often setting bootcode "linux single" results in root login without need to edit shadow; this has worked before, too. Is it prevented in TC?

Keep access to your (physical box) system secure and you will be secure.
Paswords are only a slight deterence to intrusion. Even windoze can be accessed by simple methods.
Check out RecoveryCD (gentoo-based.)

b.

"Ships are safe in harbor, but were never meant to stay there."

curaga:
There are no runlevels in TC, so the single code wouldn't do anything.

moB:
Also, my comments about security weakness do not apply to encrypted backups. So for those needing more security the "protect" boot option seems best.

It still wouldn't protect those files in persistent mode, of course. So adjust settings to suit your requirements.

b

"and yet so mystical and well nigh ineffable was it, that I almost despair of putting it in a comprehensible form."
The Whale

Navigation

[0] Message Index

[*] Previous page