Gentoo Forums
Changing root password with gentoo install cd
aardvark
Guru
Joined: 30 Jun 2002
Posts: 576

Posted: Wed Jul 10, 2002 7:22 pm    Post subject: Changing root password with gentoo install cd

Ok, this may sound like a bit noobie, far sought and "Old News", but it has caused me to scratch my head...
When I put in the bootable Gentoo install CD I can mount my root partition, ok:

mount /dev/hdaX /mnt/gentoo      # device first, then mount point
chroot /mnt/gentoo /bin/bash
env-update
source /etc/profile

When this is done, the root password can be changed without entering the existing one... by anyone.
Ok, I could prevent a user from booting off the CD of course, but that can also be easily bypassed by a smart user (the little computer freak cousin?).
I am aware that this kind of "screw that pc action" can be done for any OS, but it seems quite simple and easy in this specific scenario. (perhaps there is even a simpler way via grub + "e" key.) It can even be done without leaving a trace if you back up and replace the /etc/passwd file (or not?)

So it comes down to this: Can I prevent this from happening on a "linux/software" level?
My workaround for now would be to disable "bootable CD" for now and password protect the bios setting. It means basically that I should keep untrusted users away from my physical computer as well as my backend network.. :)

If this is all too stupid and paranoid, be happy to kick me... :(
rac
Bodhisattva
Joined: 30 May 2002
Posts: 6553
Location: Japanifornia

Posted: Wed Jul 10, 2002 7:27 pm    Post subject: Re: Changing root password with gentoo install cd

aardvark wrote:
So it comes down to this: Can I prevent this from happening on a "linux/software" level?

Not short of using an encrypting filesystem. Anyone could simply burn their own CD, and if your BIOS is set to boot the CD before the HD, it will load first.
aardvark wrote:
My workaround for now would be to disable "bootable CD" for now and password protect the bios setting.

That sounds like a good approach, if your system is in a pretty stable state and you are not often having to boot from the CD for rescue purposes.
_________________
For every higher wall, there is a taller ladder
klieber
Administrator
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

Posted: Wed Jul 10, 2002 7:28 pm    Post subject: Re: Changing root password with gentoo install cd

aardvark wrote:
When this is done, the root password can be changed without entering the existing one... by anyone.

correct.

aardvark wrote:
Ok, I could prevent a user from booting off the CD of course, but that can also be easily bypassed by a smart user (the little computer freak cousin?).

also correct.

aardvark wrote:
It can even be done without leaving a trace if you back up and replace the /etc/passwd file

again, correct.

aardvark wrote:
So it comes down to this: Can I prevent this from happening on a "linux/software" level?

no. not if the attacker has physical access to your machine.

aardvark wrote:
My workaround for now would be to disable "bootable CD" for now and password protect the bios setting.

Even this won't work -- it just means that I have to pop the cover to your machine and find the jumper switch that resets your BIOS password.

aardvark wrote:
It means basically that I should keep untrusted users away from my physical computer as well as my backend network.. :)

This is the key.

aardvark wrote:
If this is all too stupid and paranoid, be happy to kick me... :(

It's not stupid and you're not paranoid, but the simple fact is that there is no way to protect your machine if someone has physical access to it. Flat out. Period. No way around it. That's just something you have to accept and deal with. For some, this means locking computers up in closets (for home use) or datacenters (for business use). It all depends on how secure you need things to be and how much you're willing to pay to secure it.

--kurt
_________________
The problem with political jokes is that they get elected
aardvark
Guru
Joined: 30 Jun 2002
Posts: 576

Posted: Wed Jul 10, 2002 7:36 pm    Post subject: Re: Changing root password with gentoo install cd

rac wrote:

Not short of using an encrypting filesystem. Anyone could simply burn their own CD, and if your BIOS is set to boot the CD before the HD, it will load first.


Hmm, could you point me to an EFS that will go well with Gentoo?
klieber
Administrator
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

Posted: Wed Jul 10, 2002 7:37 pm    Post subject: Re: Changing root password with gentoo install cd

rac wrote:
Not short of using an encrypting filesystem


Even this isn't really enough. Loopback encryption (most common form on linux) has quite a few holes that can be exploited to bypass it, assuming you have physical access to the machine.

Additionally, if you plan to back things up or have any sort of rescue boot disk, then the attacker simply needs to get ahold of that and they can typically pull the encryption key out of it.

Or, you simply put a keystroke logger on the back of the machine and capture the root password. The FBI used this to catch some famous mobster a while back. (And before you write this off as fantasy and spy games, realize that you can buy one for under $100.)

Encrypted file systems do help, but only if you're fanatical about protecting the keys to unlock the system. I also seem to remember that some partitions (boot?) can't be encrypted on linux, but I don't remember the details. (I could be totally off-base on that last one.)

--kurt
_________________
The problem with political jokes is that they get elected
aardvark
Guru
Joined: 30 Jun 2002
Posts: 576

Posted: Wed Jul 10, 2002 7:46 pm    Post subject: Re: Changing root password with gentoo install cd

klieber wrote:

Even this won't work -- it just means that I have to pop the cover to your machine and find the jumper switch that resets your BIOS password.


Ok, then I'll have to find a way that at least a trace is left behind when someone attempts to do this, either in the OS or on a hardware level. The scary thing is that it can be done so easily without leaving a trace.

[not meant inflammatory]
For as far as I know it is not as easy as this with windows XP unless you reinstall the whole OS from a CD, but that is -again- as far as I know. (No, I am not willing to switch OS over this :) )
[/not meant inflammatory]
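
On leaving a trace, as an added example that is not part of any post in this thread: shell functions that record a digest of root's entry in the passwd and shadow files and later report whether either has changed. It assumes the baseline file is kept off the machine; the function names, the baseline format and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): baseline check for root's account entries.
# Assumption: the baseline is kept off the machine (e.g. read-only removable media).

# Print root's line from a passwd- or shadow-format file.
root_entry() {
    awk -F: '$1 == "root" { print; exit }' "$1"
}
# SHA-256 of root's line in the given file.
entry_digest() {
    root_entry "$1" | sha256sum | awk '{ print $1 }'
}
# make_baseline PASSWD SHADOW: print one "name:digest" line per file.
make_baseline() {
    for f in "$1" "$2"; do
        printf '%s:%s\n' "$(basename "$f")" "$(entry_digest "$f")"
    done
}

# check_baseline PASSWD SHADOW BASELINE: print a status line per file;
# return 1 if any root entry differs from its recorded digest.
check_baseline() {
    status=0
    for f in "$1" "$2"; do
        name=$(basename "$f")
        want=$(awk -F: -v n="$name" '$1 == n { print $2 }' "$3")
        if [ "$want" = "$(entry_digest "$f")" ]; then
            echo "OK      $name"
        else
            echo "CHANGED $name"
            status=1
        fi
    done
    return $status
}

# Demo on constructed sample files (placeholder hashes, not real credentials).
demo() {
    d=$(mktemp -d)
    echo 'root:x:0:0:root:/root:/bin/bash' > "$d/passwd"
    echo 'root:$1$CONSTRUCTED$oldplaceholder:11878:0:99999:7:::' > "$d/shadow"
    make_baseline "$d/passwd" "$d/shadow" > "$d/baseline"
    cp "$d/shadow" "$d/shadow.bak"                 # copy taken before the change
    echo 'root:$1$CONSTRUCTED$newplaceholder:11879:0:99999:7:::' > "$d/shadow"
    check_baseline "$d/passwd" "$d/shadow" "$d/baseline"   # CHANGED shadow
    cp "$d/shadow.bak" "$d/shadow"                 # original copied back
    check_baseline "$d/passwd" "$d/shadow" "$d/baseline"   # OK again
    rm -rf "$d"
}
```

Running `demo` shows the limit discussed in the thread: the check flags a changed entry that is left in place, but reports OK again once the original file has been copied back.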
delta407
Bodhisattva
Joined: 23 Apr 2002
Posts: 2876
Location: Chicago, IL

Posted: Wed Jul 10, 2002 7:56 pm    Post subject: Re: Changing root password with gentoo install cd

aardvark wrote:
[not meant inflammatory]
For as far as I know it is not as easy as this with windows XP unless you reinstall the whole OS from a CD, but that is -again- as far as I know. (No, I am not willing to switch OS over this :) )
[/not meant inflammatory]


See this page.
_________________
I don't believe in witty sigs.
aardvark
Guru
Joined: 30 Jun 2002
Posts: 576

Posted: Wed Jul 10, 2002 8:03 pm    Post subject: Re: Changing root password with gentoo install cd

delta407 wrote:
aardvark wrote:
[not meant inflammatory]
For as far as I know it is not as easy as this with windows XP unless you reinstall the whole OS from a CD, but that is -again- as far as I know. (No, I am not willing to switch OS over this :) )
[/not meant inflammatory]


See this page.

I stand corrected!!
klieber
Administrator
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

Posted: Wed Jul 10, 2002 8:10 pm    Post subject: Re: Changing root password with gentoo install cd

aardvark wrote:
For as far as I know it is not as easy as this with windows XP unless you reinstall the whole OS from a CD, but that is -again- as far as I know. (No, I am not willing to switch OS over this :) )


The issue of physical security is not restricted by OS. Windows, linux, solaris and Mac are all vulnerable.

Again, it comes down to protecting physical access to the machine. Honestly, if you're that concerned about it, place it in a closet and lock the closet. Or, use JB Weld or a similar chemical welding solution and weld your case shut (or duct tape, spot solder, etc., etc) In that case, a BIOS password, combined with removing the floppy and CDROM from the boot sequence, is more effective since popping the top isn't as easy and you can generally tell when your case has been compromised.

What are you trying to protect here? Sensitive Intellectual Property worth millions of dollars or are you just trying to make sure your parents don't discover your pr0n collection? ;)

--kurt
_________________
The problem with political jokes is that they get elected
aardvark
Guru
Joined: 30 Jun 2002
Posts: 576

Posted: Wed Jul 10, 2002 8:42 pm    Post subject: Re: Changing root password with gentoo install cd

klieber wrote:


What are you trying to protect here? Sensitive Intellectual Property worth millions of dollars or are you just trying to make sure your parents don't discover your pr0n collection? ;)


No, not really. Just a matter of principle.., hobby exploring the possibilities and as illustrated by the following:
Person 1 "Why are you running linux? and why should I?"
Person 2 "Well, there are many reasons. For one it is very secure.......only root has access to the system... etc."

Of course the above is true for a network approach, if I do my configging right

I just found it interesting that this could be done so easily...
The only thing I want to really protect is my thesis, but more against hardware failure than someone breaking in... ;)

Ok, thanks for all your replies. I get the idea...