| 1 |
On Sunday 16 April 2006 06:54, "Alan E. Davis" <lngndvs@×××××.com> wrote |
| 2 |
about '[gentoo-user] Security from non-authorized logins': |
| 3 |
> I helped a friend install Ubuntu GNU/Linux on his laptop, he left |
| 4 |
> town, forgot his passwords, and I promised to breakin for him, so he |
| 5 |
> can re-do his passwords. Told him all I have to do is run Knoppix, |
| 6 |
> access his partition, and delete the little x in the password file. |
| 7 |
> Then he would reset his root password in be back in business. |
| 8 |
> |
| 9 |
> He felt betrayed. I understand why, I think: what's secure about |
| 10 |
> GNU/Linux if anyone can boot the system and reset his passwords? |
| 11 |
|
| 12 |
First of all, you can't have it both ways. Either there's a way to get |
| 13 |
into your system without your password(s) or you are screwed when you |
| 14 |
forget your password. |
| 15 |
|
| 16 |
Second, any OS that doesn't hold it's password file on an encrypted area |
| 17 |
protected by some other master password, is subject to the same attack. |
| 18 |
Sometimes there's more "security by obscurity" to deal with, but that only |
| 19 |
has to be dealt with once. (For example, "rooting" a Windows box requires |
| 20 |
tools that are a bit more specialized than a text editor.) |
| 21 |
|
| 22 |
> Oh, well, does anyone have anything to suggest or to say about this? |
| 23 |
|
| 24 |
You can set your BIOS so that only device X is bootable, but there's two |
| 25 |
ways around that. Since you have physical access, you can either (a) |
| 26 |
exchange the media hooked to device X or (b) short the reset pins / remove |
| 27 |
the MB battery to reset the BIOS to factory defaults. Either might |
| 28 |
require opening the case, but are pretty easy to do. Also, it really easy |
| 29 |
to forget BIOS passwords since they aren't needed that often. |
| 30 |
|
| 31 |
Now, okay, so lets work under the assumption that the attacker has full |
| 32 |
control over your boot process. They can load any OS they want so even if |
| 33 |
they have no /other/ way to access your data, they can simply read it byte |
| 34 |
by byte off of the hard drive. They can also write to the hard drive, so |
| 35 |
they could replace your secure software with insecure or malicious |
| 36 |
software (assuming the can read the software enough to know how to modify |
| 37 |
it). [The same can be said for transforming innocuous data to |
| 38 |
incriminating data.] Even if they don't have enough access to modify your |
| 39 |
software, they could just overwrite the HD and deprive you of the data. |
| 40 |
|
| 41 |
Now, while we can't prevent vandals from destroying your data, it is |
| 42 |
possible to encrypt everything on your HD 'cept for the kernel and just |
| 43 |
enough user-space tools to start the decryption. This prevents the |
| 44 |
attacker from stealing the data, and also prevents an attacker from |
| 45 |
replacing your secure software with insecure or malicious software (they |
| 46 |
don't know where/what to write). The keys are protected by a password; |
| 47 |
without the password NO ONE can get them, so DON'T LOSE THE PASSWORD. |
| 48 |
|
| 49 |
Finally, I do want to take this opportunity to mention one of the |
| 50 |
possible /benefits/ of TPM / TCM / "Treacherous" Computing. Assuming you |
| 51 |
have the keys to your computer, it will only load BIOSes that you've |
| 52 |
allowed which will only load kernels you've allowed, which give you |
| 53 |
control over you boot process again -- encryption will still be necessary |
| 54 |
to safeguard against your HD simply being stolen, but TPM/TCM is does |
| 55 |
close a few holes. (Of course, this is not how MS etc. want TPM/TCM |
| 56 |
implemented; they are looking at a system design where /THEY/ own the keys |
| 57 |
to your computer.) |
| 58 |
|
| 59 |
-- |
| 60 |
"If there's one thing we've established over the years, |
| 61 |
it's that the vast majority of our users don't have the slightest |
| 62 |
clue what's best for them in terms of package stability." |
| 63 |
-- Gentoo Developer Ciaran McCreesh |
Archives