
Re: Protecting root security



On Tue, May 18, 1999 at 09:16:35PM -0400, Tommy Malloy wrote:
> Doesn't the fact that I can go to any Linux box with an install disk or
> cd and gain root access mean that all Linux systems are
> fundamentally insecure?   Perhaps the install process could be changed
> so that root password, or some other verification system is required,
> before a reinstall is permitted.  It is true that compromising a system
> this way requires unfettered access to the box.   However as Linux is
> used more and more in commercial environments this issue will need to be
> addressed.

Leaving it up to the install disk to secure the root partition is
impractical. That's like trusting the user with a [Yn] response on "Was
the password you entered correct?". The only way to secure a filesystem
from this type of access is to use some sort of secure fs (cfs and
secure loop devices with encryption come to mind), also check into sfs
(sorry, no URLs for these). This has a downfall of the fact that the
machine cannot boot without user interaction (someone to authenticate
or supply the password for the filesystem).

IIRC, MacOS filesystems have similar things to encrypt the partition
table with a password, but this does nothing to protect the data. Even
with this type of protection, nothing stops someone from putting in a DOS
disk with a disk editor and reading byte by byte from the disk.

Best bet for easy setup is using encryption over the loop device.

--
-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <bcollins@debian.org>                        Debian GNU/Linux
OpenLDAP Dev - bcollins@openldap.org     The Choice of the GNU Generation
------ -- ----- - - -------   ------- -- ---- - -------- - --- ---- -  --
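
An added example, not part of the original message: an audit sketch that classifies a partition by its first 2 KiB, the same raw view that install or rescue media gets, and lists volumes that are mountable without any key. It assumes LUKS as the encryption header format (the post names only cfs, sfs and encrypted loop devices); the function names are hypothetical and the sample images are constructed.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"   # first 6 bytes of a LUKS1/LUKS2 header
EXT_MAGIC_OFFSET = 1024 + 56   # s_magic field of the ext2/3/4 superblock
EXT_MAGIC = 0xEF53             # stored little-endian on disk


def classify_volume(head: bytes) -> str:
    """Classify the first 2 KiB of a partition, as rescue media would see it."""
    if len(head) >= 8 and head[:6] == LUKS_MAGIC:
        (version,) = struct.unpack(">H", head[6:8])  # big-endian version field
        return f"luks{version}"
    if len(head) >= EXT_MAGIC_OFFSET + 2:
        (magic,) = struct.unpack_from("<H", head, EXT_MAGIC_OFFSET)
        if magic == EXT_MAGIC:
            return "plaintext-ext"
    # Headerless encryption (an old-style encrypted loop device) looks like
    # random bytes and lands here too, so "unknown" proves nothing either way.
    return "unknown"


def read_head(path: str, size: int = 2048) -> bytes:
    """Read the start of a block device or image file (needs read access)."""
    with open(path, "rb") as fh:
        return fh.read(size)


def exposed_volumes(heads: dict) -> list:
    """Names of volumes that anyone with boot media could mount as-is."""
    return sorted(n for n, h in heads.items() if classify_volume(h) == "plaintext-ext")


def sample_ext_head() -> bytes:
    """Constructed sample: zeroed 2 KiB with only the ext magic filled in."""
    img = bytearray(2048)
    struct.pack_into("<H", img, EXT_MAGIC_OFFSET, EXT_MAGIC)
    return bytes(img)


def sample_luks_head(version: int) -> bytes:
    """Constructed sample: LUKS magic and version, rest zeroed."""
    return LUKS_MAGIC + struct.pack(">H", version) + bytes(2040)


if __name__ == "__main__":
    heads = {"root": sample_ext_head(), "home": sample_luks_head(2)}
    for name, head in heads.items():
        print(name, classify_volume(head))
    print("exposed:", exposed_volumes(heads))
```

On a real host, pass `read_head()` the partition's device node or image file in place of the constructed samples.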

