Re: [gentoo-user] Security from non-authorized logins
On Sunday 16 April 2006 06:54, "Alan E. Davis" <[EMAIL PROTECTED]> wrote about '[gentoo-user] Security from non-authorized logins':
> I helped a friend install Ubuntu GNU/Linux on his laptop, he left
> town, forgot his passwords, and I promised to break in for him, so he
> can re-do his passwords. Told him all I have to do is run Knoppix,
> access his partition, and delete the little x in the password file.
> Then he would reset his root password and be back in business.
>
> He felt betrayed. I understand why, I think: what's secure about
> GNU/Linux if anyone can boot the system and reset his passwords?

First of all, you can't have it both ways. Either there's a way to get into your system without your password(s) or you are screwed when you forget your password.

Second, any OS that doesn't hold its password file on an encrypted area protected by some other master password is subject to the same attack. Sometimes there's more "security by obscurity" to deal with, but that only has to be dealt with once. (For example, "rooting" a Windows box requires tools that are a bit more specialized than a text editor.)

> Oh, well, does anyone have anything to suggest or to say about this?

You can set your BIOS so that only device X is bootable, but there are two ways around that. Since you have physical access, you can either (a) exchange the media hooked to device X or (b) short the reset pins / remove the MB battery to reset the BIOS to factory defaults. Either might require opening the case, but are pretty easy to do. Also, it's really easy to forget BIOS passwords since they aren't needed that often.

Now, okay, so let's work under the assumption that the attacker has full control over your boot process. They can load any OS they want so even if they have no /other/ way to access your data, they can simply read it byte by byte off of the hard drive. They can also write to the hard drive, so they could replace your secure software with insecure or malicious software (assuming they can read the software enough to know how to modify it). [The same can be said for transforming innocuous data to incriminating data.] Even if they don't have enough access to modify your software, they could just overwrite the HD and deprive you of the data.

Now, while we can't prevent vandals from destroying your data, it is possible to encrypt everything on your HD 'cept for the kernel and just enough user-space tools to start the decryption. This prevents the attacker from stealing the data, and also prevents an attacker from replacing your secure software with insecure or malicious software (they don't know where/what to write). The keys are protected by a password; without the password NO ONE can get them, so DON'T LOSE THE PASSWORD.

Finally, I do want to take this opportunity to mention one of the possible /benefits/ of TPM / TCM / "Treacherous" Computing. Assuming you have the keys to your computer, it will only load BIOSes that you've allowed which will only load kernels you've allowed, which gives you control over your boot process again -- encryption will still be necessary to safeguard against your HD simply being stolen, but TPM/TCM does close a few holes. (Of course, this is not how MS etc. want TPM/TCM implemented; they are looking at a system design where /THEY/ own the keys to your computer.)

--
"If there's one thing we've established over the years, it's that the vast majority of our users don't have the slightest clue what's best for them in terms of package stability." -- Gentoo Developer Ciaran McCreesh
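The live-CD reset discussed in this thread leaves a recognisable trace: an empty password field in /etc/passwd. As an added example (not part of any poster's message), this Python check audits passwd and shadow text for that and closely related conditions; the sample records and the function names are constructed for illustration.

```python
# Constructed sample data: 'root' has had its "x" removed, 'backup' has an
# empty shadow hash, and 'toor' is a second UID 0 account.
SAMPLE_PASSWD = """\
root::0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/sh
toor:x:0:0:spare admin:/root:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:13254:0:99999:7:::
daemon:*:13254:0:99999:7:::
alice:$6$constructedsalt$constructedhash:13254:0:99999:7:::
backup::13254:0:99999:7:::
toor:!:13254:0:99999:7:::
"""

def _records(text, min_fields):
    """Yield colon-separated fields, skipping blank, comment and short lines."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= min_fields and not line.startswith("#"):
            yield fields

def audit_accounts(passwd_text, shadow_text):
    """Return (account, finding) pairs for passwordless or suspicious entries."""
    shadow = {f[0]: f[1] for f in _records(shadow_text, 2)}
    findings = []
    for name, pw, uid, *_ in _records(passwd_text, 7):
        if pw == "":
            # The state left behind by deleting the "x": no password needed.
            findings.append((name, "empty password field in passwd"))
        elif pw == "x":
            if name not in shadow:
                findings.append((name, "no shadow entry"))
            elif shadow[name] == "":
                findings.append((name, "empty password hash in shadow"))
        elif pw[0] not in "*!":
            # Anything else that is not a lock marker is a hash in a world-readable file.
            findings.append((name, "hash stored in world-readable passwd"))
        if uid == "0" and name != "root":
            findings.append((name, "extra UID 0 account"))
    return findings

if __name__ == "__main__":
    for name, problem in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{name}: {problem}")
```

On a real system, pass in the contents of /etc/passwd and /etc/shadow (reading the latter needs root). The check only reports tampering after the fact; it does not stop someone with physical access from making the change.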
Re: [gentoo-user] Security from non-authorized logins
Alan E. Davis wrote:
> He felt betrayed. I understand why, I think: what's secure about
> GNU/Linux if anyone can boot the system and reset his passwords?

Oh C'mon! Like you NEVER did the same on a Windows box. YES, you can do something similar on NT/2K/XP/Whatever...

Encrypt your filesystems if you want a little more security on a physically accessible computer.

Regards,
--
Norberto Bensa
Cel: 5654-9539
Ciudad de Buenos Aires, Argentina
Re: [gentoo-user] Security from non-authorized logins
Hi,

Alan E. Davis wrote:
> Still, it would perhaps be somewhat comforting to be able to disable
> EASY access to a "mission critical" system.
>
> What about further disabling of access to /etc/passwd? Does SELinux
> take any such steps? (Ok, I could look into this by reading TFM.
> Apologies).
>
> Alan
>

Not very sure about SELinux, but RSBAC has in-kernel user management (in its latest releases >=1.2.5). IIRC SELinux also uses its own user management beside the unix one (check selinux docs).

PS: but the data is still there, so use encryption (enc. partition)

...SKIP...

HTH.
Rumen

--
gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Security from non-authorized logins
Alan E. Davis wrote:
> Still, it would perhaps be somewhat comforting to be able to disable
> EASY access to a "mission critical" system.

Put them in a server room. Make sure that only trusted people have a key to that server room.

> What about further disabling of access to /etc/passwd? Does SELinux
> take any such steps?

Well, how does SELinux help, if a (non-SELinux) boot medium is used to access the system?

And what do you do, if you "forget" the password to your mission critical system? Where are the backdoors? Are the backdoors documented (they better be...)?

Alexander Skwar
--
Totally illogical, there was no chance.
        -- Spock, "The Galileo Seven", stardate 2822.3
Re: [gentoo-user] Security from non-authorized logins
Still, it would perhaps be somewhat comforting to be able to disable EASY access to a "mission critical" system.

What about further disabling of access to /etc/passwd? Does SELinux take any such steps? (Ok, I could look into this by reading TFM. Apologies).

Alan

On 4/16/06, Alexander Skwar <[EMAIL PROTECTED]> wrote:
> Alan E. Davis wrote:
> > I helped a friend install Ubuntu GNU/Linux on his laptop, he left
> > town, forgot his passwords, and I promised to break in for him, so he
> > can re-do his passwords. Told him all I have to do is run Knoppix,
> > access his partition, and delete the little x in the password file.
> > Then he would reset his root password and be back in business.
> >
> > He felt betrayed. I understand why, I think: what's secure about
> > GNU/Linux if anyone can boot the system and reset his passwords?
>
> That's NOT a Linux problem. If you've got physical access,
> you can easily break in (same for Windows, BTW).
>
> > I said, Dunno. I'll ask on the Gentoo list.
> >
> > How can anyone easily avoid the problem of anyone being able to access
> > the guts of his machine using a live CD?
>
> Remove CD-Rom.
> Put Computer in a solid box which cannot (easily) be opened,
> so that it's "impossible" to attach an external CD-Rom.
>
> > I already thought of one:
> > use the BIOS to disallow booting from a CD or Floppy, and set a
> > password on the BIOS.
>
> Most BIOS support either a "master password"
> or a way to reset a password (some pins on the
> motherboard).
>
> > Don't know whether all BIOSes will allow this,
> > and anyway, isn't it possible on a lot of motherboards to short out
> > the EPROM and thus reset the password of the BIOS?
>
> Yes.
>
> Alexander Skwar
> --
> Hey Satan, didja hear the news? A war just broke out up on earth.
>
> Meet Saddam Hussein, my new partner in evil.
Re: [gentoo-user] Security from non-authorized logins
Alan E. Davis wrote:
> I helped a friend install Ubuntu GNU/Linux on his laptop, he left
> town, forgot his passwords, and I promised to break in for him, so he
> can re-do his passwords. Told him all I have to do is run Knoppix,
> access his partition, and delete the little x in the password file.
> Then he would reset his root password and be back in business.
>
> He felt betrayed. I understand why, I think: what's secure about
> GNU/Linux if anyone can boot the system and reset his passwords?

That's NOT a Linux problem. If you've got physical access, you can easily break in (same for Windows, BTW).

> I said, Dunno. I'll ask on the Gentoo list.
>
> How can anyone easily avoid the problem of anyone being able to access
> the guts of his machine using a live CD?

Remove CD-Rom.
Put Computer in a solid box which cannot (easily) be opened, so that it's "impossible" to attach an external CD-Rom.

> I already thought of one:
> use the BIOS to disallow booting from a CD or Floppy, and set a
> password on the BIOS.

Most BIOS support either a "master password" or a way to reset a password (some pins on the motherboard).

> Don't know whether all BIOSes will allow this,
> and anyway, isn't it possible on a lot of motherboards to short out
> the EPROM and thus reset the password of the BIOS?

Yes.

Alexander Skwar
--
Hey Satan, didja hear the news? A war just broke out up on earth.

Meet Saddam Hussein, my new partner in evil.
Re: [gentoo-user] Security from non-authorized logins
On 4/16/06, Willie Wong <[EMAIL PROTECTED]> wrote:
> On Sun, Apr 16, 2006 at 09:54:33PM +1000, Penguin Lover Alan E. Davis
> squawked:
> > He felt betrayed. I understand why, I think: what's secure about
> > GNU/Linux if anyone can boot the system and reset his passwords?
>
> That is the same regardless of operating system.
> Physical access == no security.
>
> > How can anyone easily avoid the problem of anyone being able to access
> > the guts of his machine using a live CD? I already thought of one:
> > use the BIOS to disallow booting from a CD or Floppy, and set a
> > password on the BIOS. Don't know whether all BIOSes will allow this,
> > and anyway, isn't it possible on a lot of motherboards to short out
> > the EPROM and thus reset the password of the BIOS?
>
> You can also encrypt the contents of your hard drive.
> http://tldp.org/HOWTO/Disk-Encryption-HOWTO/

But I can still get that hard drive and smash it to bits ;)

Get a big dog. Tie him next to your PC.

Seriously, if your friend can find an OS that can restrict access even if the attacker has physical access to the PC, then he should use that.

Encryption is a good solution, even for backups. But it's a bit overboard for most users.

--
Jed R. Mallen
GPG key ID: 81E575A3 fp: 4E1E CBA5 7E6A 2F8B 8756 660A E54C 39D6 81E5 75A3
http://jed.sitesled.com
Re: [gentoo-user] Security from non-authorized logins
On Sun, Apr 16, 2006 at 09:54:33PM +1000, Penguin Lover Alan E. Davis squawked:
> He felt betrayed. I understand why, I think: what's secure about
> GNU/Linux if anyone can boot the system and reset his passwords?

That is the same regardless of operating system.
Physical access == no security.

> How can anyone easily avoid the problem of anyone being able to access
> the guts of his machine using a live CD? I already thought of one:
> use the BIOS to disallow booting from a CD or Floppy, and set a
> password on the BIOS. Don't know whether all BIOSes will allow this,
> and anyway, isn't it possible on a lot of motherboards to short out
> the EPROM and thus reset the password of the BIOS?

You can also encrypt the contents of your hard drive.
http://tldp.org/HOWTO/Disk-Encryption-HOWTO/

W
--
Q: What's an anagram of "Banach-Tarski" ?
A: "Banach-Tarski Banach-Tarski"
Sortir en Pantoufles: up 155 days, 4:42
[gentoo-user] Security from non-authorized logins
I helped a friend install Ubuntu GNU/Linux on his laptop, he left town, forgot his passwords, and I promised to break in for him, so he can re-do his passwords. Told him all I have to do is run Knoppix, access his partition, and delete the little x in the password file. Then he would reset his root password and be back in business.

He felt betrayed. I understand why, I think: what's secure about GNU/Linux if anyone can boot the system and reset his passwords?

I said, Dunno. I'll ask on the Gentoo list.

How can anyone easily avoid the problem of anyone being able to access the guts of his machine using a live CD? I already thought of one: use the BIOS to disallow booting from a CD or Floppy, and set a password on the BIOS. Don't know whether all BIOSes will allow this, and anyway, isn't it possible on a lot of motherboards to short out the EPROM and thus reset the password of the BIOS?

Of course, if he would forget his password he would lose all his data.

Oh, well, does anyone have anything to suggest or to say about this?

Alan Davis