Re: Root Permissions

Even with a LILO password, it's still rather easy to bypass. You can easily stick in a bootable CD and get into the machine without a password (I've done this for recovery more than once). And a BIOS password is just another bump in the road for anyone wanting to hack a machine, takes 30 seconds and a screwdriver to get around that (unless the case has thumb screws, then just 30 seconds). Basically, if someone has physical access to the machine, there will always be a way to get access. You can keep your data fairly safe with an encrypted filesystem, but the machine has to boot from something, so there is always something that can be compromised.

Also, there's a project called tripwire that you can use to detect changes to your system. Encrypt the verification files that this program generates, or store them somewhere other than the local system's hdd. It's also not a bad idea to keep very sensitive files (like your private encryption keys) on some kind of removable media; a USB thumb drive or similar would do the trick.

~Brad

Ahsan Ali wrote:
Hello Anindya,

The only surefire way of recovering from this is to rebuild the
machines from scratch. He could have installed several backdoors into
the system and no matter how many you find (if any) there will almost
certainly be more.

In fact, replacing netstat, ps etc with modified binaries which are
standard with "root-kits" he pretty much guarantees that you will not
even be able to see the process(es) that he installed that listen on
some other port for incoming connections.

So... if I were in your place, I would most certainly rebuild from scratch.

And oh... use a LILO password.

All you need to add are two lines:

password=<password>
restricted

to the LILO global config section in /etc/lilo.conf. The restricted
keyword will allow normal boot but will prompt you for the password
specified if you attempt to pass lilo any parameters at bootup.

Be sure to run lilo after making changes to /etc/lilo.conf, also since
the password is in clear text, make sure lilo.conf is not readable by
anyone except root.

chmod 600 /etc/lilo.conf

Regards,

Ahsan Ali

On Thu, 1 Jul 2004 10:34:25 +0530, Anindya Mozumdar <anindya@xxxxxxxxx> wrote:

Hi,
The following problem may be trivial to some of you; however, my
knowledge of Linux is limited, and I don't understand how it can be
done.
In our institute, we use Debian Linux, and the boot loader is lilo.
For those machines where the lilo password is not set, ANYONE can
get a root shell by simply interrupting the boot process and typing
linux init=/bin/sh at the boot prompt.
One of my friends obtained a root shell in this manner, and has
either made some changes, or set up some program, by which he can
become root any time, without actually knowing the root password,
which is known only to our system administrator. What may be the
possible things he has done to set up his program, and how can it be
reversed?
Thanks in advance.
Anindya Mozumdar.
-
: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
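As an added example that is not part of this thread: a minimal shell version of the tripwire-style integrity check Brad suggests, applied to the kind of binaries (ps, netstat) Ahsan notes a rootkit swaps out. The function names, the dependency on coreutils sha256sum, and the files created in a temporary directory are assumptions of this example, not anything from the list.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal tripwire-style check.
# build_baseline records the sha256 of each listed file; verify_baseline
# re-hashes and reports CHANGED / MISSING entries, returning 1 if any.
# Assumes coreutils sha256sum and paths without whitespace (one per line).
# On a real host, list the binaries a rootkit replaces (ps, netstat, ls,
# ...) plus /etc/lilo.conf, and keep the baseline file off the local disk
# (removable media) so that someone who gets root cannot rewrite it.

build_baseline() {        # build_baseline <baseline-file> <path>...
    out=$1; shift
    : > "$out"
    for f in "$@"; do
        sha256sum "$f" >> "$out"
    done
}

verify_baseline() {       # verify_baseline <baseline-file>
    status=0
    while read -r sum path; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; status=1
        elif [ "$(sha256sum "$path" | cut -d' ' -f1)" != "$sum" ]; then
            echo "CHANGED $path"; status=1
        fi
    done < "$1"
    return $status
}

demo() {                  # constructed scenario: ps replaced after baseline
    tmp=$(mktemp -d)
    printf 'original ps\n' > "$tmp/ps"
    printf 'original netstat\n' > "$tmp/netstat"
    build_baseline "$tmp/baseline" "$tmp/ps" "$tmp/netstat"
    printf 'trojaned ps\n' > "$tmp/ps"       # simulate the rootkit swap
    rc=0
    verify_baseline "$tmp/baseline" || rc=$?  # prints: CHANGED .../ps
    rm -rf "$tmp"
    return $rc
}

if demo; then echo "no changes"; else echo "tampering detected"; fi
```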

