Mailinglist Archive: opensuse (3225 mails)
Re: [SLE] Re: security hole?
- From: Lee Mavrogenis <leemav@xxxxxxxxx>
- Date: Sun, 14 Jul 2002 19:00:23 -0400
- Message-id: <3D320287.D5B5027D@xxxxxxxxx>
Marcel (and Ben as well),
Thank you. I have embedded a couple of comments. Please note there was never
any intent on my part to troll--so let's be clear about that.
With regard to security breaches:
-- Yes, I believe I stated as much (in essence) in my post as follows --
"Granted, almost without exception any security scheme can be
breached....."
As far as root access from a boot/rescue disk (again, this being in context
to the original posted complaint) - within that strict context I am not
aware of being able to use a boot disk with W2k Server or Advanced Server to
acquire root (admin) permissions - unless you do a full install. (I am not
talking about just being able to peruse the data on the disk; I am talking
about being able to surreptitiously act as the administrator -- by using a
simple boot or rescue disk.) If you know how to do this I am certainly
willing to listen.
With regard to Solaris I had tried this a while back and was
unsuccessful--and apparently erroneously concluded that root could not be
acquired as easily as with a Linux rescue disk. (Note I didn't try a Linux
disk but used the Solaris start-up floppy - 7.0 for the pc). Now having the
knowledge that this is indeed possible-and easily at that- I will give it a
go. Thank you.
I accept the criticism that I was a bit unfair with regard to singling out
SuSE -- to all please accept my humble apologies.
Nevertheless (and here is where I respectfully disagree) I still think that
with respect to a rescue/boot disk unless the root password is actually
known it should not be allowed to be "reset" under any circumstances. Again
this is an opinion. The down side is that if you forget the root password
you will need to reinstall the OS--I think that is appropriate.
Regards,
Lee
Marcel Broekman wrote:
> On Sunday 14 July 2002 22:31, Lee Mavrogenis wrote:
> > Davy,
> >
> > Don't be such a pretentious fop. This thread started as a complaint
> > by someone that they could get root access by merely using a "rescue
> > disk" My comments were made in this context and so still hold (with
> > the exception of redhat 5--perhaps).
> >
> > With regard to being able to get through almost any security -- that
> > was conceded in my first post. A big DUH! to those who responded
> > without obviously having read the whole post.
> >
> > Don't be so enamored with yourself, as you indicate in your post you
> > really don't know what you are talking about but are venturing to make
> > a guess. That's fair--but no need to be an ass about it.
> >
> > Again, my comments were made within the context of the ORIGINAL
> > posted complaint.
> >
> > Regards,
> >
> > Lee
> >
>
> Lee,
>
> Point is that if you know what you're doing and you have physical access
> to any machine with any OS you can have root access within minutes, be
> it with a floppy disk, cdrom or removing the hd and mounting it in another
> box.
> Saying that SuSE (or any other OS for that matter) is weak in that
> respect is bollocks. If you have to be that serious about the security
> of your boxes, you better know how to make them more secure and don't
> stick with the default install. That ultimately means that you'll have
> to keep them behind closed and locked doors.
>
> Cheers, Marcel