SUMMARY: 2.5.1 and security issues

From: Marc L. Summers-SysAdmin (
Date: Tue Apr 22 1997 - 08:40:33 CDT

Hello Sun Managers:

Thanks to all who wrote, but none gave any useful
detail as to how to accomplish the security.

My Original post was:
> I have a question involving securing the Solaris 2.5.1 OS.
> I have a few Axils running 2.5.1 Solaris, and my question is
> how do I keep a user, from just booting the system in single
> user mode, changing the shadow file to whatever they like and
> then rebooting and loging in as root?
> I tried this on one of my workstations and it was very
> easily accomplished in just a few minutes time.
> Any suggestions on how to secure this method of root
> access would be much appreciated.

Those that answered:

Apr 20 Sydney Weinstein (54) Re: 2.5.1 and security issues
Apr 20 Danny Johnson (58) Re: 2.5.1 and security issues
Apr 20 varshney@pacbell.n (26) Re: 2.5.1 and security issues
Apr 20 Casper Dik (48) Re: 2.5.1 and security issues
Apr 20 Casper Dik (47) Re: 2.5.1 and security issues
Apr 21 Rasana Atreya (59) Re: 2.5.1 and security issues
Apr 21 David Fetrow (35) Re: 2.5.1 and security issues

After diging into the man page on eeprom, this is how it is done.

NOTE: Solaris 2.5.1 defaults to wide open on security, so if you
      have not done this to any of your machines, then I would
      highly suggest that you do it ASAP, otherwise, some
      unscrupulous person could easily lock you out of your workstation.

There are two commands involved with this, but it appears that when
initially activated, the first command activates the second.


eeprom security-mode=full

eeprom security-password=

As I said previously, when initially activated: eeprom security-mode=full
then this calls the password change part, and asks for a password.

The password is of course asked for twice for verification.

There are three modes, none,command, and full, the default is none.
This is how I was easily able to reboot in single user mode, and
change the shadow file and then login as root.
When set eeprom security-mode=full or command, will require a password
thus preventing the typical user from rebooting the system in single
user mode.

For any additional details please read the man page on eeprom
ie.(man eeprom).

+ ------------------------------------------------- +
+    +++ N  E  C +++ +++ A  M  E  R  I  C  A +++    +
+ ------------------------------------------------- +
+ Marc L. Summers              System Administrator +
+ 3100 N.E. Shute Road      Hillsboro Oregon  97124 +
+ PH: 1-503-681-3338            FAX: 1-503-681-3304 +
+ Email:             +
+ ---------- Sic transit gloria mundi. ------------ +
+ --- "Thus passes away the glory of the world." -- +
+ ------------------------------------------------- +

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:51 CDT