On 20/02/2016 12:52 PM, arrowscr...@mail.com wrote:
> Wow, that's new to me. Thanks.
> Anyway, I still think that this "password rescue" should not be allowed by
> default.
> I know operating systems can do very little to prevent physical problems like
> side-channel attacks, but this is not the case, and this does not mean that
> the OS should not make attacks harder even if someone has physical access.
> There are systems, from what I remember (HP servers, I think), that allow
> remote control based on firmware. One could use this escape "feature" to
> get your root, without physical access. Same for host services.
> Also, page 14.21 of the FAQ says "I forgot my passphrase! Sorry. This is real
> encryption, there's not a back door or magic unlocking tool." Why exactly
> should root be different? If one loses his passphrase, it's his fault. I
> thought the philosophy was "secure by default", even if this makes the
> "computer difficult to manage properly".
Moreover, this is also the case with most Linux distros you've
probably used in your life. You may have to enter a password on some
distros when in single-user mode, but grub is almost always
passwordless, which means you can edit it to set /bin/bash as init,
which basically bypasses all such "restrictions".
Secure by default does not mean that everything is hardened, as this
wouldn't be that practical either. One could argue that file system
permissions on binary and library folders could be more strict, or that
systrace should have been set up and configured by default, but I think
that this by far exceeds what a "secure OS" would be and enforces
probable restrictions on sysadmins that they may not want to adhere to.
I don't think that the goal of a proactively secure OS like OpenBSD is
to be configured to be hardened by default so as to be used by expert or
non-expert admins to feel safer, because that would be more misleading
than helpful, as Stuart suggested. The goal is to have a generically
safe OS where program crashes don't result in privilege escalation that
easily and whose code is designed and written with security in mind to
reduce vulnerabilities. It's the sysadmins' responsibility to further
"secure" their installations and choose which features they'd further add,
which would probably make OS maintenance more difficult.
Having said that, to my understanding, securing physical access by
asking for the passphrase in single-user mode in an OS would be more of a
marketing thing than a security feature per se.
George.
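The two boot-time settings discussed in this thread, as an added example that is not code from the thread or from OpenBSD: a small audit script that reports whether a grub.cfg defines a superuser password (without one, the "e" key at the menu lets anyone append init=/bin/bash, as George notes) and whether a BSD-style /etc/ttys marks the console "insecure" (on OpenBSD that is the switch that makes init ask for root's password before giving a single-user shell). The grub.cfg and ttys contents below are constructed samples; the PBKDF2 hash is a placeholder, and the file names and function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: audit boot configs for the two
# "physical access" escapes discussed above. Sample files are constructed.

# grub_status CFG -> prints "protected" if CFG sets superusers and a
# password/password_pbkdf2 line (menu editing then needs a login),
# otherwise "unprotected".
grub_status() {
    if grep -Eq '^[[:space:]]*set[[:space:]]+superusers=' "$1" &&
       grep -Eq '^[[:space:]]*password(_pbkdf2)?[[:space:]]' "$1"; then
        echo protected
    else
        echo unprotected
    fi
}

# console_status TTYS -> prints "insecure" if the console line carries the
# insecure flag (init asks for root's password before single-user mode),
# otherwise "secure" (single-user shell without a password).
console_status() {
    if grep -Eq '^console[[:space:]].*[[:space:]]insecure([[:space:]]|$)' "$1"; then
        echo insecure
    else
        echo secure
    fi
}

TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
WEAK_GRUB="$TMP/grub-weak.cfg"
HARD_GRUB="$TMP/grub-hard.cfg"
TTYS_DEFAULT="$TMP/ttys-default"
TTYS_HARD="$TMP/ttys-hard"

# Constructed: a typical passwordless grub.cfg; every entry is editable.
cat >"$WEAK_GRUB" <<'EOF'
set timeout=5
menuentry 'Linux' {
    linux /vmlinuz root=/dev/sda1
    initrd /initrd.img
}
EOF

# Constructed: same menu with a superuser. --unrestricted still lets anyone
# boot the entry, but editing it needs the password. SALT.HASH is a
# placeholder; a real hash comes from grub-mkpasswd-pbkdf2.
cat >"$HARD_GRUB" <<'EOF'
set timeout=5
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.SALT.HASH
menuentry 'Linux' --unrestricted {
    linux /vmlinuz root=/dev/sda1
    initrd /initrd.img
}
EOF

# Constructed: OpenBSD-style ttys, console "secure" (the shipped default)
# versus "insecure".
cat >"$TTYS_DEFAULT" <<'EOF'
console "/usr/libexec/getty std.9600"   vt220   off secure
ttyC0   "/usr/libexec/getty std.9600"   vt220   on  secure
EOF
cat >"$TTYS_HARD" <<'EOF'
console "/usr/libexec/getty std.9600"   vt220   off insecure
ttyC0   "/usr/libexec/getty std.9600"   vt220   on  secure
EOF

for f in "$WEAK_GRUB" "$HARD_GRUB"; do
    printf '%s: grub %s\n' "$f" "$(grub_status "$f")"
done
for f in "$TTYS_DEFAULT" "$TTYS_HARD"; do
    printf '%s: console %s\n' "$f" "$(console_status "$f")"
done
```

Run against real files, point the functions at /boot/grub/grub.cfg and /etc/ttys instead of the constructed samples. The grep patterns are deliberately loose (they accept leading whitespace and both password forms) so that a config generated by grub-mkconfig from /etc/grub.d/40_custom is recognised as well as a hand-written one.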