Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
- To: moth@debian.org, Adam Di Carlo <adam@onshore.com>
- Cc: John Goerzen <jgoerzen@complete.org>, quinot@infres.enst.fr, Pierre Beyssac <beyssac@enst.fr>, Samuel Tardieu <sam@debian.org>, "Huneycutt,Doug" <doug.huneycutt@lmco.com>, 56821@bugs.debian.org, pb@enst.fr, quinot@enst.fr, debian-devel@lists.debian.org
- Subject: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
- From: tom@rei.onegeek.org
- Date: 3 Feb 2000 15:57:18 -0000
- Message-id: <20000203155718.15155.qmail@rei.onegeek.org>
- Reply-to: tom@rei.onegeek.org, 56821@bugs.debian.org
- In-reply-to: <20000203001853.B5746@usatoday.com>
- References: <87vh47i28b.fsf@erwin.complete.org> <200002030030.SAA00851@cafe.onshore.com> <20000203001853.B5746@usatoday.com>
In tom.lists.debian-devel, you wrote:
> After all, with a boot prompt, the student could get root access using
> init=/bin/sh [Oh, wait, then that would be "grave" a bug in lilo..]
Actually, not really. Lilo has two options ("restricted" and
"password=") that, used together, allow the system to be booted
without giving the user the ability to change the kernel command
line. (Making lilo unreadable by users is a must so that they can't
find out the password.)
This, combined with a BIOS admin password and disabling boot from
floppy and cdrom, leads to a boot sequence protected from
software-based attacks. (And it's usually possible to lock down cases
to make tampering with the hardware difficult and obvious.)
Mbr is a flaw in this scheme, and since it normally is silent, it's
occasionally hard to notice. The patch I sent to the list to add a
banner to debdiff is part of a solution... adding some comments to the
default lilo.conf mentioning how lilo interacts with mbr may be
another part.
This seems like a big gotcha that will hit fairly experienced admins
when they switch from another (non-mbr) version of Linux to Debian.
--
Tom Rothamel --------- http://onegeek.org/~tom/ ---------- Using GNU/Linux
"Students who successfully accomplish this task will be given
extra credit (and a complete psychiatric examination)."
- Andrew S. Tannenbaum, _Structured Computer Organization_
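The lilo lockdown described in the message (global "restricted" plus "password=", with the config unreadable by ordinary users) can be checked mechanically. The script below is an added example, not code from the message or from Debian; it assumes the two options must appear in the global section before the first image=/other= stanza, and the lilo.conf it audits is a constructed sample with a placeholder password.

```shell
#!/bin/sh
# Audit a lilo.conf for the boot-prompt lockdown: a global "restricted"
# plus "password=", and a file mode that hides the password from
# group/other. Added example; the sample config below is constructed.

# True if the global section (everything before the first image=/other=
# stanza; an assumption about where the options must live) contains both
# "restricted" and "password=".
lilo_has_lockdown() {
    global=$(awk '/^[ \t]*(image|other)[ \t]*=/ { exit } { print }' "$1")
    printf '%s\n' "$global" | grep -q '^[[:space:]]*restricted' || return 1
    printf '%s\n' "$global" | grep -q '^[[:space:]]*password[[:space:]]*=' || return 1
    return 0
}

# True if neither group nor other can read the file: find prints the path
# only when a group (040) or other (004) read bit is set.
lilo_conf_is_private() {
    [ -z "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}

# Overall verdict; both conditions must hold. The mbr package's own
# boot prompt is a separate issue this check does not cover.
audit_lilo_conf() {
    lilo_has_lockdown "$1" && lilo_conf_is_private "$1"
}

# Demonstration on a constructed config, not a real system's lilo.conf.
demo_dir=$(mktemp -d)
cat > "$demo_dir/lilo.conf" <<'EOF'
boot=/dev/hda
restricted
password=CHANGE-ME-placeholder
image=/vmlinuz
    label=linux
    root=/dev/hda1
EOF
chmod 644 "$demo_dir/lilo.conf"
if audit_lilo_conf "$demo_dir/lilo.conf"; then
    echo "locked down"
else
    echo "NOT locked down: config is world-readable, password exposed"
fi
chmod 600 "$demo_dir/lilo.conf"
audit_lilo_conf "$demo_dir/lilo.conf" && echo "locked down after chmod 600"
rm -rf "$demo_dir"
```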