Mailinglist Archive: opensuse (3225 mails)
Re: [SLE] Re: security hole?
- From: Dave Smith <Dave.Smith@xxxxxx>
- Date: Sat, 13 Jul 2002 16:38:49 +0100
- Message-id: <20020713153849.GF929@xxxxxxxxxxxxxx>
On Sat, Jul 13, 2002 at 11:02:22AM -0400, leemav@xxxxxxxxx wrote:
[snip]
> Nevertheless, if you need an OS which treats root access a
> little more securely consider alternatives such as Redhat or FreeBSD.
> If you "forget" your root password you cannot merely insert a "rescue
> disk" (and so neither can anyone else) and break in as root.
I've not used RH for a while, but unless they've made some major changes,
that statement is utter rubbish. I don't think that RH encrypts /etc by
default (like SuSE), so it would be just as open to the same sort of
attack. In fact, I think that RH has gone to an ext3 default rather than
ReiserFS, so SuSE might have a slight edge, since many (most?) root+boot
disks won't have ReiserFS support yet, and ext3 is backwards-compatible
to ext2.
Perhaps you'd like to provide some evidence to substantiate your claims
that RH is better? What stops you from inserting a bootdisk into the
machine, rebooting, and mounting the root FS?
I doubt that FreeBSD would be any different, but I can't comment
on that since I've never used it.
> With regard to data visibility--the concern is more than just whether or
> not someone else can see the data--it is what they can do as root which
> might breach the security of your network long after the initial breach.
Unless you encrypt the filesystem, it will always be open to modification
by another self-contained OS which has support for the FS type used.
As for networks, every resource should be secured by a password system,
which communicates over an encrypted link. If you do this, then booting
a different OS won't give you access to any network shares without the
appropriate authentication keys/passwords.
--
David Smith Work Email: Dave.Smith@xxxxxx
STMicroelectronics Home Email: David.Smith@xxxxxxxxxxxxxxxxxxxx
Bristol, England