Re: join us!
BTW Idon't know if anyone actually "got it" but the point of my article was
more that Debian is trying to improve security, but seems to be missing
major things. I suppose I should have stated this more obviously (like in H1
at the top). Sigh, anyways for next time I will be less subtle. Bruce
Schneier's new book (secret's and lies) covers this too, people view
security as a number of small unrelated problems, when in fact you have to
treat it as an entire, complex, system. For example: Protecting boot up:
Problem: User can boot off off removable media
Solution: Change BIOS settings, Debian can't really do this, however they
may wish to document it. I have at:
Problem: user can enter Lilo commands at the Lilo prompt
Debian's solution (partial): install sulogin, thus requiring user to enter a
root password for runlevel 1, this still allows the user to enter command
Real solution: use "restricted" and "password", set lilo.conf mode 600, now
the user must get root to read file or some other exploit to read file (then
they could read /etc/shadow, or whatever as well).
Additional solution: remove/replace password in lilo.conf after setting it
(i.e. set password, run lilo, remove password).
Problem: users with physical access can compromise security.
Yes but there is a big difference between hitting ctrl-alt-del, tryping
"Linux init=/bin/sh" then making them bring a boot disk, or if you locked
the BIOS down stealing the machine/etc. I love visiting computers labs with
Linux machines, I have yet to find one where lilo was restricted/password
protected yet, many use sulogin, but that doesn't work so well.
As you can see booting the computer (even looking at it in pure overview
terms) is quite complex and there are many interactions (i.e. OS security is
pointless if the attacker has a boot disk and can use it). However with a
few simple steps you can plug all the holes possible short of sending a
debian representitive to the persons house/business to install debian
securely for them. The effort put into sulogin would have been better placed
in making the install script go "would you like to protect boot up
blahblahblah Y/n:" followed by "set a lilo password:". As I pointed out to
one person using sulogin and not securing Lilo is like putting a nice
expensive dead bolt lock on a screen door.
SecurityPortal, your focal point for security on the net