
Re: [POSSIBLE GRAVE SECURITY HOLD]



On Wed, Mar 01, 2000 at 02:42:46PM -0500, Thomas Bushnell, BSG wrote:
> Pierre Beyssac <beyssac@enst.fr> writes:
> > The security hole is that the console is made insecure by default
> > without any warning from the installation program. That, in itself,
> > would warrant a security advisory.
> Not counting the possibility of physically dinking with the hardware,
> are you sure that C-c during bootup won't do the wrong thing?  How
> about telling LILO to boot Linux single-user?

LILO boot: Linux init=/bin/sh
would do what you want.  Linux single still asks for the root password.

However, it is possible to not allow the boot: prompt from LILO.  But this
is not the default behavior.  Should we make it the default behavior because
otherwise, J. Random Luser can gain root access if he is at the console?
No, it messes with functionality that most people need.

Without the above LILO option being default, making the MBR not allow floppy
boot is a moot point.  If you're going to go for boot-up security, then go
the whole way.  If you're smart enough to close off LILO, then you're smart
enough to close off the MBR.

My point:  Maybe the MBR shouldn't have floppy boot enabled by default, but
it's not a "grave security hold", instead, it's a moot point.  Leave it up
to the maintainer to decide what to do.  If it were me, I'd make a little
blurb be displayed upon install about it.

But still, you can open the box and drain the charge out of the CMOS.  Now
no password, easy to re-enable floppy boot.  And you only have to do that if
your bios is one of the 2% that don't have a backdoor in them.

I could also take the hard drive out... plug it into my laptop... mount
the root partition on /mnt and change the root password in /etc/shadow,
then replace the hard drive.

Point 2:  If you're physically at the console, then security is a moot
point.  Keep lusers away from consoles that you can't rebuild in 5 minutes,
and don't trust those consoles over the network.

my $0.02

-Dan

-- 
"Beware he who would deny you access to information, for in his heart 
he dreams himself your master."
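
The LILO setting discussed in the message above, as an added example that is not part of the original post: a Python check that reads a lilo.conf and reports, per boot entry, whether parameters such as init=/bin/sh can be typed at the boot: prompt without a password. It relies on the lilo.conf keywords password, restricted and mandatory; both sample configurations and the function names are constructed for illustration.

```python
# Added example. The two lilo.conf texts below are constructed samples.
DEFAULT_STYLE = """\
boot=/dev/hda
prompt
timeout=50
image=/vmlinuz
    label=Linux
    read-only
"""
HARDENED = """\
boot=/dev/hda
password=PLACEHOLDER   # stored in clear text: keep lilo.conf mode 600
restricted
image=/vmlinuz
    label=Linux
    read-only
"""

def parse_lilo_conf(text):
    """Split lilo.conf text into global options and per-entry options."""
    global_opts, entries, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip().strip('"')
        if key in ("image", "other"):            # starts a boot entry
            current = {"label": value}           # path until label= is seen
            entries.append(current)
        elif current is None:
            global_opts[key] = value
        else:
            current[key] = value
    return global_opts, entries

def boot_protection(text):
    """Map each entry label to 'open', 'restricted' or 'mandatory'."""
    global_opts, entries = parse_lilo_conf(text)
    result = {}
    for e in entries:
        if "password" not in e and "password" not in global_opts:
            mode = "open"          # boot-prompt parameters need no password
        elif "mandatory" in e:
            mode = "mandatory"     # password required for every boot
        elif "restricted" in e or "restricted" in global_opts:
            mode = "restricted"    # password only when parameters are given
        else:
            mode = "mandatory"     # LILO's behaviour when only password= is set
        result[e["label"]] = mode
    return result
```

An entry reported as "open" accepts extra kernel parameters from anyone at the console; "restricted" keeps unattended reboots working while requiring the password for any command-line override.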
