Exploit:


 OpenLinux 2.2: LISA install leaves root
 access without password

 I believe I've found a bug in the installation
 process of OpenLinux 2.2 when using the LISA
 boot disk. During the installation a temporary
 passwd file is put on the new file system
 containing the user "help" set uid=0 gid=0 and
 no password. Once you are prompted to set the
 root password and default user password a new
 passwd and shadow file is created yet the help
 user is left in the shadow file with, you
 guessed it, no password... Here are the
 offending entries:

 /etc/passwd
       help:x:0:0:install help user:/:/bin/bash

 /etc/shadow
       help::10709:0:365:7:7::

 Anyone who installed OpenLinux 2.2 using the LISA
 boot disk should check their password file now ;-)


               Andrew McRory - amacc@linuxsys.com