Subject: Re: [gentoo-user] Re: I lost the ability to boot into single user
From: Albert Hopkins
To: gentoo-user@lists.gentoo.org
In-Reply-To: <200908190120.53264.alan.mckinnon@gmail.com>
References: <20090818181150.3a2e5463@napoleon.spore.ath.cx> <200908190120.53264.alan.mckinnon@gmail.com>
Date: Tue, 18 Aug 2009 19:47:30 -0400
Message-Id: <1250639250.5388.8.camel@centar.nbk>

On Wed, 2009-08-19 at 01:20 +0200, Alan McKinnon wrote:
> > In a pinch, you can also use the argument init=/bin/bash to get a
> > bash shell up without using init. It's saved me a CD or a heap of
> > trouble a few times.
>
> Wait until some bastard runs
>
> mv /bin/bash /bin/bash.gotcha
>
> then you try init=/bin/bash :-)
>
> It causes utter carnage, without another shell handy, you do need a CD
> to get around that one.

Hmm.. let's see, who could successfully run that command?

$ ls -ld /bin /bin/bash
4.0K drwxr-xr-x 2 root root 4.0K 2009-08-17 12:56 /bin/
864K -rwxr-xr-x 1 root root 861K 2009-08-15 20:46 /bin/bash*

Oh, the same "bastard" who can 'passwd root' or 'rm -rf /' or pretty
much anything else. So if you have a person who has the capability and
will to do that then I think you have far more to worry about.

So the moral to the story is don't give root access to "bastards".
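
The `ls -ld /bin /bin/bash` check above, generalized as an added example that is not part of the original message: renaming a file requires write permission on its directory, so this POSIX shell script checks a file and every directory above it for non-root ownership or group/other write bits. The function names, the optional arguments and the `EXPOSED` output format are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# is_exposed ENTRY [TRUSTED_UID]
# Exit 0 when ENTRY is not owned by TRUSTED_UID (default 0, root) or is
# writable by group or others. -H follows a symlink named on the command
# line (e.g. /bin -> usr/bin); -prune keeps find from descending.
is_exposed() {
    [ -n "$(find -H "$1" -prune \
        \( ! -user "${2:-0}" -o -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# audit_path FILE [TRUSTED_UID] [STOP_DIR]
# Renaming or deleting FILE needs write access to its parent directory, and
# swapping out a parent needs write access one level further up, so check
# FILE and every directory above it up to STOP_DIR (default /).
# Prints "EXPOSED <path>" per finding; returns 1 if any, 2 on bad input.
# Mode bits and ownership only: ACLs and the sticky bit are not considered.
audit_path() {
    ap_uid=${2:-0}
    [ -e "$1" ] || return 2
    ap_stop=$(cd -P -- "${3:-/}" && pwd -P) || return 2
    # Resolve directory symlinks so the real parents are the ones checked.
    ap_dir=$(cd -P -- "$(dirname -- "$1")" && pwd -P) || return 2
    if [ "$ap_dir" = / ]; then ap_dir=; fi
    ap_cur=$ap_dir/$(basename -- "$1")
    ap_rc=0
    while :; do
        if is_exposed "$ap_cur" "$ap_uid"; then
            printf 'EXPOSED %s\n' "$ap_cur"
            ap_rc=1
        fi
        if [ "$ap_cur" = "$ap_stop" ] || [ "$ap_cur" = / ]; then break; fi
        ap_cur=$(dirname -- "$ap_cur")
    done
    return "$ap_rc"
}

# Typical call for the case in the message:
#   audit_path /bin/bash
```

No output and exit status 0 means only root can rename or replace the file through ordinary permission bits.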