
Re: ***HUGE*** security hole??!! (Re: Lost root passwd)



Marcus is absolutely right.

SERVERS:

This is a common misconception. People need to realize that physical
security is required. Place the servers behind locked doors. Disk
controllers which provide encryption/decryption (without performance
penalty) cost extra money. Soft encryption would definitely impact system
performance.

There are hardware key devices, but usually it is desirable that the
system would reboot properly without human intervention. That would
require leaving the hardware key inserted. So you still need a secure
location.

WORKSTATIONS:

There are lots of ways to encrypt files. Even MS-DOS users have had this
option for years with programs like PKZIP. If the data is sensitive and
the location is not physically secure, I suggest using such software in
such a manner that the key must be typed in or loaded from removable
media.

There is also the option of keeping the data on removable media, whether
encrypted or not. If your workstation is unprotected, it might be better
to deal with things like the Netscape cache living on a slow Zip disk
rather than having the person who cleans the office at night exploring
your personal world.

ANOTHER REASON TO PLACE THE SERVERS IN A PHYSICALLY SECURE LOCATION:

I was having an important discussion with a customer that I built a Linux
server for. He brought his young child with him to his office that
evening. The child behaves very poorly. Guess what button he pressed? The
reset button on the primary server! This behavior is not limited to
children, so I suggest that it is best to protect the location. Just make
a partition and use strong fencing mesh for ventilation so you won't be
creating a sauna room. Leave the lights off because people like to look in
and see all the pretty colored LEDs :)

+----------------------------------------------------------------------+
+ Paul Wade                         Greenbush Technologies Corporation +
+ mailto:paulwade@greenbush.com              http://www.greenbush.com/ +
+----------------------------------------------------------------------+

On Sat, 10 Oct 1998, Marcus Brinkmann wrote:

> On Sat, Oct 10, 1998 at 11:26:30AM +0200, Norbert Nemec wrote:
> > On Sat, 10 Oct 1998 10:42:52 +0100, Ralf G. R. Bergs wrote:
> > 
> > >On Sat, 10 Oct 1998 00:52:49 -0700 (PDT), George Bonser wrote:
> > >
> > >[...]
> > >>Allow me to translate.  Boot the rescue disk as if you are installing,
> > >[whole story deleted]
> > >
> > >Hey guys, why so complicated???
> > >
> > >What's wrong with giving LILO a kernel command line of "init=/bin/sh"? This way 
> > >you boot straight into sh, and you can then change the root password.
> > >
> > >This is how I usually do it under Slackware, and even tho Debian uses shadow 
> > >passwords it should work the same way.
> > 
> > 
> > Ouch, I tried it, it really works!!!! That means on a standard
> > Linux-machine, everybody could just switch off the power, give the
> > LILO-kernel option on reboot and be root??!! Why not simply drop the
> > need of a login password?
> 
> If you want a secure machine, put the hardware in a metal case, and give
> nobody access to it. Especially, remove all connections, including the power
> cord!
> 
> Serious,
> Marcus

