Re: Protecting root security

To: "David B.Teague" <dbt@cs.wcu.edu>
Cc: Tommy Malloy <tjm1@thorn.net>, "debian-user@lists.debian.org" <debian-user@lists.debian.org>
Subject: Re: Protecting root security
From: Marek Habersack <grendel@vip.net.pl>
Date: Wed, 19 May 1999 13:22:17 +0200
Message-id: <[🔎] 19990519132217.D817@jester.vip.net.pl>
Reply-to: grendel@vip.net.pl
In-reply-to: <[🔎] Pine.LNX.3.96.990519055513.11156D-100000@tinuviel.cs.wcu.edu>; from David B.Teague on Wed, May 19, 1999 at 06:08:37AM -0400
References: <[🔎] 374210F3.EB2B5409@thorn.net> <[🔎] Pine.LNX.3.96.990519055513.11156D-100000@tinuviel.cs.wcu.edu>

* David B.Teague said:

> > Doesn't the fact that I can go to any Linux box with an install
> > disk or cd and gain root access mean that the all Linux
> > systems are fundamentally insecure? 
> 
> Absolutely. Any system to which physical access is allowed, then
> the system is vulnerable to a sufficient knowedgable cracker. 
One doesn't have to be cracker at all :))) - just boot from the rescue floppy
then do mount /dev/hda1 /mnt; vi /mnt/etc/shadow  and voila :))) The system
is yours :)

> > Perhaps the install process could be changed so that root
> > password, or some other verification system is required,
> > before a reinstall is permitted. 
> 
> A physical lock is better for security.
Absolutly yes!

> An effort such as this is now made: when the system crashes
> requiring a manual fsck, the root password is required for system
> maintenance. 
Of course - it's been there for years and if the user thinks that pressing
Ctrl-D to bypass it will do anything good to him, he's wrong - the system
starts up in a multi-user mode and prompts for the login/password in a usual
way. The only way to go aroud it is booting from the rescue floppy/cd

> It isn't much, and I find this irritating on my test machine. 
You can easily turn it off by forbidding sulogin be spawned at startup.

> > It is true that compromising a system this way requires
> > unfettered access to the box.  However as Linux is used more and
> > more in commercial environments this issue will need to be
> > addressed. 
> 
> I have used machines that have a 'firmmware' password, PCs provide
> this, as do many machines. If you allow physical access, one can
> disconnect the battery from the CMOS, and eliminate the password.
Hmm... not always true - NVRAM can be used to disable such an action and
even the PCs now have NVRAM.

> There seems to me to be nothing you can do to provide security
> against entry if you allow physical access. 
That's true.

> Someone on this list said, approximately: "A secure system is
> turned off and sealed in concrete." 
Just line WIndows NT which has the C2-level security certificate if it has
no modem, NIC or any means that allow connecting to it from the outside :))))

regards,
  marek

Attachment: pgp8Y8d1jORXO.pgp
Description: PGP signature

Reply to:

References:
- Protecting root security
  - From: Tommy Malloy <tjm1@thorn.net>
- Re: Protecting root security
  - From: "David B.Teague" <dbt@cs.wcu.edu>

Prev by Date: Re: Protecting root security
Next by Date: Re: Protecting root security
Previous by thread: Re: Protecting root security
Next by thread: Re: Protecting root security
Index(es):
- Date
- Thread