HELP root password unknown

[David S. Herron]

In article <28378 at usc> kjh at pollux.usc.edu (Kenneth J. Hendrickson) writes:
>In article <1990Nov20.094505.896 at ceres.physics.uiowa.edu> rlm at ceres.physics.uiowa.edu writes:
>>Someone (a hacker I suppose) has changed the root password on our ESIX system 
>>- is it possible to access the system to reset this?
>
>I HOPE NOT.  If there is, then all ESIX systems are terribly insecure.
>I hope you have to have each user backup their stuff, and re-load the OS
>off of the original disks and/or tapes.  I hope this not to wish you a
>terrible lot of work, but because I am thinking about ESIX, and I
>wouldn't want such an insecure system.

Now now now.. calm down.

For eons and eons (maybe since even the Epoch (1-Jan-70)) there have been
numerous ways of getting priveledged access to systems if you have
physical access.  Sometimes with the help of the distribution media.

On Vaxen you'd press BREAK (or sometimes ^P) and then some variant of
the "b" (or boot) command will bring you to "single user".  (single-user
means you have a "root shell" which is the only thing running in the system)

On Sun's you press L1-A and then "b -s" and you again go to single-user.

On most SysV's I'm familiar with you take the first floppy from the
distribution set (the boot floppy) & boot it.  Then during the initial
messages you hit the interrupt character (DEL usually..) and you're
dropped to a single-user shell.

All this is documented in the relavent manuals &so I don't see that it's
any great security risk to let the information out.

Besides, if someone has physical access to your system they could do
something as "gross" as taking the physical machine somewhere so that
they can play with it at their leisure.  This is one of the reasons
why I don't understand wanting to have *computers* on each desk ...

-- 
<- David Herron, an MMDF & WIN/MHS guy, <david at twg.com>
<- Formerly: David Herron -- NonResident E-Mail Hack <david at ms.uky.edu>
<-
<- Use the force Wes!