On Sunday 16 April 2006 06:54, "Alan E. Davis" <lngndvs@×××××.com> wrote
about '[gentoo-user] Security from non-authorized logins':
> I helped a friend install Ubuntu GNU/Linux on his laptop, he left
> town, forgot his passwords, and I promised to break in for him, so he
> can re-do his passwords. Told him all I have to do is run Knoppix,
> access his partition, and delete the little x in the password file.
> Then he would reset his root password and be back in business.
>
> He felt betrayed. I understand why, I think: what's secure about
> GNU/Linux if anyone can boot the system and reset his passwords?

First of all, you can't have it both ways. Either there's a way to get
into your system without your password(s) or you are screwed when you
forget your password.

Second, any OS that doesn't hold its password file on an encrypted area
protected by some other master password is subject to the same attack.
Sometimes there's more "security by obscurity" to deal with, but that only
has to be dealt with once. (For example, "rooting" a Windows box requires
tools that are a bit more specialized than a text editor.)

> Oh, well, does anyone have anything to suggest or to say about this?

You can set your BIOS so that only device X is bootable, but there are two
ways around that. Since you have physical access, you can either (a)
exchange the media hooked to device X or (b) short the reset pins / remove
the MB battery to reset the BIOS to factory defaults. Either might
require opening the case, but both are pretty easy to do. Also, it's really
easy to forget BIOS passwords since they aren't needed that often.

Now, okay, so let's work under the assumption that the attacker has full
control over your boot process. They can load any OS they want, so even if
they have no /other/ way to access your data, they can simply read it byte
by byte off of the hard drive. They can also write to the hard drive, so
they could replace your secure software with insecure or malicious
software (assuming they can read the software enough to know how to modify
it). [The same can be said for transforming innocuous data to
incriminating data.] Even if they don't have enough access to modify your
software, they could just overwrite the HD and deprive you of the data.

Now, while we can't prevent vandals from destroying your data, it is
possible to encrypt everything on your HD 'cept for the kernel and just
enough user-space tools to start the decryption. This prevents the
attacker from stealing the data, and also prevents an attacker from
replacing your secure software with insecure or malicious software (they
don't know where/what to write). The keys are protected by a password;
without the password NO ONE can get them, so DON'T LOSE THE PASSWORD.

Finally, I do want to take this opportunity to mention one of the
possible /benefits/ of TPM / TCM / "Treacherous" Computing. Assuming you
have the keys to your computer, it will only load BIOSes that you've
allowed, which will only load kernels you've allowed, which gives you
control over your boot process again -- encryption will still be necessary
to safeguard against your HD simply being stolen, but TPM/TCM does
close a few holes. (Of course, this is not how MS etc. want TPM/TCM
implemented; they are looking at a system design where /THEY/ own the keys
to your computer.)

--
"If there's one thing we've established over the years,
it's that the vast majority of our users don't have the slightest
clue what's best for them in terms of package stability."
-- Gentoo Developer Ciaran McCreesh
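The message above leaves two surfaces an offline attacker with boot control can touch: the account database (the "delete the little x" edit to /etc/passwd) and, even with full-disk encryption, the unencrypted kernel and initramfs that must stay readable to start the decryption. The script below is an added example, not code from the thread or from Gentoo: it audits passwd/shadow-format text for blanked or unshadowed password fields, and builds and re-verifies a SHA-256 manifest of an unencrypted boot directory so that a swapped kernel or initramfs is noticed after boot. The passwd/shadow lines and the temporary stand-in for /boot are constructed for the demonstration; on a real system you would point it at the real files and keep the manifest on the encrypted volume.

```python
"""Offline tamper checks for the two surfaces the message leaves unprotected:
the account database and the unencrypted kernel/initramfs in /boot.
Added example; sample inputs below are constructed, not taken from any system."""
import hashlib
import os
import tempfile

# Constructed sample: root is healthy; alice's password field was blanked
# (login with no password); bob's hash sits in world-readable passwd instead
# of shadow; daemon is a normal system account.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
alice::1000:1000:Alice:/home/alice:/bin/bash
bob:$6$salt$hash:1001:1001:Bob:/home/bob:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""
SAMPLE_SHADOW = """root:$6$salt$roothash:19000:0:99999:7:::
alice:$6$salt$alicehash:19000:0:99999:7:::
bob:!:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
"""


def audit_passwd(passwd_text, shadow_text):
    """Return (account, reason) findings for password fields that no longer
    look like a shadowed account: empty field in passwd, a hash kept in
    passwd rather than shadow, or an empty hash in shadow."""
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        user, pw = line.split(":")[:2]
        if pw == "":
            findings.append((user, "empty password field in passwd"))
        elif pw != "x":
            findings.append((user, "password hash stored in passwd, not shadow"))
    for line in shadow_text.splitlines():
        if not line.strip():
            continue
        user, pw = line.split(":")[:2]
        if pw == "":
            findings.append((user, "empty hash in shadow"))
    return findings


def build_manifest(boot_dir):
    """Map each regular file under boot_dir (relative path) to its SHA-256.
    Build this while the system is known-good and store it on encrypted
    storage, not in the unencrypted boot partition itself."""
    manifest = {}
    for root, _dirs, files in os.walk(boot_dir):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, boot_dir)] = digest
    return manifest


def verify_manifest(boot_dir, manifest):
    """Report files modified, missing or newly added since the manifest."""
    current = build_manifest(boot_dir)
    return {
        "modified": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in current),
        "added": sorted(f for f in current if f not in manifest),
    }


def demo_boot_check():
    """Constructed scenario: snapshot a stand-in /boot, then append bytes to
    the initramfs the way an offline edit would, and re-verify."""
    with tempfile.TemporaryDirectory() as boot:
        with open(os.path.join(boot, "vmlinuz"), "wb") as fh:
            fh.write(b"kernel image bytes (constructed)")
        with open(os.path.join(boot, "initramfs.img"), "wb") as fh:
            fh.write(b"initramfs bytes (constructed)")
        manifest = build_manifest(boot)
        with open(os.path.join(boot, "initramfs.img"), "ab") as fh:
            fh.write(b"tampered")
        return verify_manifest(boot, manifest)


if __name__ == "__main__":
    for user, reason in audit_passwd(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"passwd audit: {user}: {reason}")
    print("boot check:", demo_boot_check())
```

The passwd audit only catches the edits the message describes (a blanked or moved password field); it says nothing about an attacker who rewrote a hash with one they know, which is why the manifest side matters: anything that has to live outside the encrypted volume can only be protected by checking it from inside, after the fact, or by measured boot of the kind the TPM paragraph alludes to.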