[sf-lug] recovery from loss of root password

Michael Paoli Michael.Paoli at cal.berkeley.edu
Wed Sep 26 04:09:13 PDT 2007


Also, passing
will work with any method that allows one to pass that as kernel boot
argument (e.g. GRUB, etc. - not just LILO).

One can also simply crash the system and boot from alternative
media - e.g. CD-ROM ... but that won't be so useful if the root (/)
filesystem is strongly encrypted (e.g. LUKS) and one doesn't have or can't
determine passphrase to decrypt the root filesystem.

kernel local root exploit certainly wouldn't be the most conventional
means to recovering the root password; if attempted, it also runs fair
probability of crashing the system anyway.

Quoting Deeþan Chakravarthy <codeshepherd at gmail.com>:

> Kristian Erik Hermansen wrote:
> > On 9/18/07, Alex Kleider <a_kleider at yahoo.com> wrote:
> >   
> >> Recovering from loss of root password:
> >>
> >> There are a couple of documented methods of recovering when a root
> >> password is forgotten:
> >> 1. if boot loader is lilo, the boot: Linux init=/bin/sh option is
> >> supposed to provide a shell with root privileges and further details
> >> are documented in the Debian tips chapter (8) of the Debian Reference
> >> Unfortunately this is of little use since Debian now uses GRUB, not
> >> LILO.
> >> Preliminary question: is there an equivalent GRUB boot option?
> >
> > As far as I know, init=/bin/sh is just an option being passed to the
> > kernel, so this works exactly the same way using GRUB.  Correct me if
> > I am wrong here.  I haven't used lilo since probably 2001, heh...
> >
> > Another more unusual way to recover the root credentials is to log on
> > as a normal user and then elevate to id=0 via a localized kernel
> Hi Kristian,
>   I'm not aware of localized kernel exploit. I did google on "localized 
> kernel exploit" , it took me to your message :P
> Can you explain more about the same ?
> > exploit.  Then just reset your passwd...

More information about the sf-lug mailing list