On Sunday 16 April 2006 06:54, "Alan E. Davis" <[EMAIL PROTECTED]> wrote about '[gentoo-user] Security from non-authorized logins':

> I helped a friend install Ubuntu GNU/Linux on his laptop, he left
> town, forgot his passwords, and I promised to break in for him, so he
> can re-do his passwords. Told him all I have to do is run Knoppix,
> access his partition, and delete the little x in the password file.
> Then he would reset his root password and be back in business.
>
> He felt betrayed. I understand why, I think: what's secure about
> GNU/Linux if anyone can boot the system and reset his passwords?
First of all, you can't have it both ways. Either there's a way to get into your system without your password(s) or you are screwed when you forget your password.

Second, any OS that doesn't hold its password file on an encrypted area protected by some other master password is subject to the same attack. Sometimes there's more "security by obscurity" to deal with, but that only has to be dealt with once. (For example, "rooting" a Windows box requires tools that are a bit more specialized than a text editor.)

> Oh, well, does anyone have anything to suggest or to say about this?

You can set your BIOS so that only device X is bootable, but there are two ways around that. Since you have physical access, you can either (a) exchange the media hooked to device X or (b) short the reset pins / remove the MB battery to reset the BIOS to factory defaults. Either might require opening the case, but both are pretty easy to do. Also, it's really easy to forget BIOS passwords since they aren't needed that often.

Now, okay, so let's work under the assumption that the attacker has full control over your boot process. They can load any OS they want, so even if they have no /other/ way to access your data, they can simply read it byte by byte off of the hard drive. They can also write to the hard drive, so they could replace your secure software with insecure or malicious software (assuming they can read the software enough to know how to modify it). [The same can be said for transforming innocuous data to incriminating data.] Even if they don't have enough access to modify your software, they could just overwrite the HD and deprive you of the data.

Now, while we can't prevent vandals from destroying your data, it is possible to encrypt everything on your HD 'cept for the kernel and just enough user-space tools to start the decryption.
This prevents the attacker from stealing the data, and also prevents an attacker from replacing your secure software with insecure or malicious software (they don't know where/what to write). The keys are protected by a password; without the password NO ONE can get them, so DON'T LOSE THE PASSWORD.

Finally, I do want to take this opportunity to mention one of the possible /benefits/ of TPM / TCM / "Treacherous" Computing. Assuming you have the keys to your computer, it will only load BIOSes that you've allowed, which will only load kernels you've allowed, which gives you control over your boot process again -- encryption will still be necessary to safeguard against your HD simply being stolen, but TPM/TCM does close a few holes. (Of course, this is not how MS etc. want TPM/TCM implemented; they are looking at a system design where /THEY/ own the keys to your computer.)

--
"If there's one thing we've established over the years, it's that the vast majority of our users don't have the slightest clue what's best for them in terms of package stability." -- Gentoo Developer Ciaran McCreesh
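The "delete the little x" trick discussed above leaves an account with an empty password field; an admin who suspects a machine was booted from other media can audit the password files for exactly that. The following is an added example, not code from the thread: it classifies passwd/shadow entries as hashed, locked, or passwordless, using constructed sample lines rather than a real host's files.

```python
"""Audit passwd/shadow style text for accounts that present no password hash.
Added illustration for this thread; sample data below is constructed."""

from typing import Dict, List

# Constructed sample: root has had the 'x' removed from passwd, alan has an
# empty hash in shadow, daemon is locked ('*'), backup has a normal hash.
SAMPLE_PASSWD = """root::0:0:root:/root:/bin/bash
alan:x:1000:1000:Alan:/home/alan:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
"""

SAMPLE_SHADOW = """root:$6$constructedsalt$constructedhash:16000:0:99999:7:::
alan::16000:0:99999:7:::
daemon:*:16000:0:99999:7:::
backup:$6$anothersalt$anotherhash:16000:0:99999:7:::
"""


def _fields(text: str, min_fields: int) -> List[List[str]]:
    """Split colon-separated lines, skipping blanks, comments and short rows."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) >= min_fields:
            rows.append(f)
    return rows


def classify_accounts(passwd_text: str, shadow_text: str) -> Dict[str, str]:
    """Map account name to 'hashed', 'locked', 'no-password' or 'no-shadow'."""
    shadow = {f[0]: f[1] for f in _fields(shadow_text, 9)}
    result: Dict[str, str] = {}
    for f in _fields(passwd_text, 7):
        name, pw = f[0], f[1]
        if pw == "":                      # the field the 'x' was deleted from
            result[name] = "no-password"
        elif pw == "x":                   # hash lives in shadow
            h = shadow.get(name)
            if h is None:
                result[name] = "no-shadow"
            elif h == "":
                result[name] = "no-password"
            elif h.startswith(("!", "*")):
                result[name] = "locked"
            else:
                result[name] = "hashed"
        else:                             # legacy hash stored directly in passwd
            result[name] = "hashed"
    return result


def passwordless_accounts(passwd_text: str, shadow_text: str) -> List[str]:
    """Names of accounts that would accept a login with no password at all."""
    c = classify_accounts(passwd_text, shadow_text)
    return sorted(n for n, status in c.items() if status == "no-password")
```

Run it against real files as root (`open('/etc/shadow').read()`); any name it returns deserves an immediate password reset.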