On suse 8.0 I Have noticed something. When I boot on linux cd (rescue system), I can acces to my partition with root account with no password. Consequence : I can clear root password, and when I reboot, have full access to linux , like root with no password. Is it possible to correct this problem ? thanks Marc Chassoulier mailto:it@colinet.be IT Manager http://www.colinet.be Tel. +32 64 67.37.77 Fax +32 64 67.32.67 Disclaimer The content of this message and any attachment thereto is confidential and may also be otherwise protected by proprietary rights or other legal rules ("Confidential Information"). It must be considered and remain the exclusive property of the sender of this message. If you are the intended recipient, you are not allowed to copy, disclose or use the Confidential Information without the prior consent of the sender of this message. If you have received this message by mistake, please let us know by e-mail reply and delete it from your system; you may not copy this message, disclose its contents to anyone, or use its content in any manner whatsoever. Further to your request, this message and any attachment thereto was sent to you over the Internet. The integrity and security of this message cannot be guaranteed on the Internet. By opening any attachment to this message, copying this message or using Confidential Information contained in this message, you agree to be bound by the above obligations. Should you disagree with these clauses, please delete this message and any attachment thereto from your system and inform us immediately by reply e-mail.
On Friday 12 July 2002 12.09, Marc Chassoulier wrote:
On suse 8.0 I Have noticed something. When I boot on linux cd (rescue system), I can acces to my partition with root account with no password. Consequence : I can clear root password, and when I reboot, have full access to linux , like root with no password. Is it possible to correct this problem ?
Yes, ensure physical security of the box and encrypt all sensitive data.
Disclaimer <snip ridicolous disclaimer>
Are you insane? Please understand that anything you send to a *public* list cannot in any sense of the word be "confidential". And if your company policy forces you to include it anyway, please trim it a little. That has got to be the worst "disclaimer" I've ever seen. //Anders
On Friday 12 July 2002 11:09, you wrote:
On suse 8.0 I Have noticed something. When I boot on linux cd (rescue system), I can acces to my partition with root account with no password. Consequence : I can clear root password, and when I reboot, have full access to linux , like root with no password. Is it possible to correct this problem ?
Well this one really is a feature, not a bug. What will you do when you've forgotten the root password, or it's corrupt? The machine must be made physically secure, if you can't lock the room and have to let in untrusted people put the machine in a lockable cage that prevents access to the disk drives. You can also get little locks for e.g. floppy drives, and many BIOSes accept passwords that prevent changes to the BIOS. In some you can make the CD unbootable, though then you are reduced to dismantling the machine and setting a bios recovery jumper if you forget _that_ password. One thing you can do is make sure the shutdown commands aren't available to users and you can set hard or paranoid permissions (think you still can ...). But mostly, keep bad people away from the console. HTH Fergus
_that_ password. One thing you can do is make sure the shutdown commands aren't available to users and you can set hard or paranoid permissions (think you still can ...). But mostly, keep bad people away from the console. HTH Well, the answer that I sent from work (but didn't make it to the list
On Friday 12 July 2002 12:44, Fergus Wilde wrote: probably because of our mail servers working so good) says about the same, but it kept me thinking.... By exploring the linux source code, can one find the algorithm to decode passwords in /etc/shadow or is it a one-way-algorithm? Is there a way of authenticating users via the network and not via the local machine? And in that case, is it possible to authenticate root via the network (guess not since the startup process is done with the root permissions)? And what about machines that must be able to work without a connection, like portables? Does this rescue-disk work with any version of linux or is it specific for a distribution/kernel-version? I guess you should do the maximum to prevent people from booting from any other medium than the hard disk and use different root password on each machine? I read somewhere that most security attacks come from within the organisation... -- Marc Jacobs
Alle 21:32, venerdì 12 luglio 2002, Marc Jacobs ha scritto:
On Friday 12 July 2002 12:44, Fergus Wilde wrote:
_that_ password. One thing you can do is make sure the shutdown commands aren't available to users and you can set hard or paranoid permissions (think you still can ...). But mostly, keep bad people away from the console. HTH
Well, the answer that I sent from work (but didn't make it to the list probably because of our mail servers working so good) says about the same, but it kept me thinking....
By exploring the linux source code, can one find the algorithm to decode passwords in /etc/shadow or is it a one-way-algorithm?
1) it's one-way 2) The malicious user must have the /etc/shadow file, which is accessible only by root. If he is root, you have something else to worry about.
Is there a way of authenticating users via the network and not via the local machine?
man sshd
And in that case, is it possible to authenticate root via the network (guess not since the startup process is done with the root permissions)?
Yes, but it is not secure.
On Fri, Jul 12, 2002 at 09:32:29PM +0200, mja@skynet.be wrote:
By exploring the linux source code, can one find the algorithm to decode passwords in /etc/shadow or is it a one-way-algorithm?
It is a one-way algorithm - you can work out if a password you have matches the encrypted version, but you can't use the encrypted version to deduce the password. However, once you have the encrypted version, you can use brute force attack (try random attempts until you find one that works), maybe on another machine.
Is there a way of authenticating users via the network and not via the local machine?
Yes. NIS/NIS+ can be used for this.
And in that case, is it possible to authenticate root via the network (guess not since the startup process is done with the root permissions)?
Possibly. However, this is a *bad* idea - simply replace the machine that is providing the root authentication (just switch the network cable), and you can break into the box with ease. A better idea would be to distribute the root password between machines using ssh/scp, with suitable scripting.
And what about machines that must be able to work without a connection, like portables? Does this rescue-disk work with any version of linux or is it specific for a distribution/kernel-version?
Most rescue disks are distribution-independent - they just allow you to boot a basic Linux system, and mount the filesystems on disk - the ext2/ext3/ReiserFS filesystems are standard to Linux (or possibly even *nix), not just a distribution.
I guess you should do the maximum to prevent people from booting from any other medium than the hard disk and use different root password on each machine? I read somewhere that most security attacks come from within the organisation...
Yes. Disable floppy booting in the BIOS, and password-protect the BIOS. If possible, disconnect/remove the floppy drive. Set a LILO boot password. Prevent people from turning the machine off. Disable Ctrl-Alt-Del. Until you remove physical access to the machine, you will not be able to prevent access to the data on the disk - the user could just remove the HDD and plug it into another machine. Alternatively, you could use encrypted filesystems, although there may be a problem with putting /etc/passwd and/or /etc/shadow on an encrypted FS. -- David Smith Work Email: Dave.Smith@st.com STMicroelectronics Home Email: David.Smith@ds-electronics.co.uk Bristol, England
Dave and Praise, thank you for your good and complete explanation. Greetings, -- Marc Jacobs
* Marc Chassoulier
On suse 8.0 I Have noticed something. When I boot on linux cd (rescue system), I can acces to my partition with root account with no password. Consequence : I can clear root password, and when I reboot, have full access to linux , like root with no password. Is it possible to correct this problem ?
Ehm, yes. That is the whole idea of a rescue CD. If I take out the harddrive of your computer, stick it in another computer as secondary disk and then boot my linux from the first disk I can also change the root password on yourr harddisk. Or I could boot from floppy . If you do not want this, do not give physical access to your boxes. (oh, and please get rid of the disclaimer when posting to public mailinglists since you are the IT manager you should eb able to do that) Currently listening to: rw2002-03-14d1t06 Gerhard, <@jasongeo.com> == The Acoustic Motorbiker == -- __O Some say the end is near. =`\<, Some say we'll see armageddon soon (=)/(=) I certainly hope we will I could use a vacation
participants (7)
-
Anders Johansson
-
Dave Smith
-
Fergus Wilde
-
Gerhard den Hollander
-
Marc Chassoulier
-
Marc Jacobs
-
Praise