Re: Root access
From: Simon Matthews (nobody@devnull.com)Date: 05/06/02
- Next message: Borge Haga: "Re: Securing my Linux-pc? Worried....hacked?"
- Previous message: John Thompson: "RealPlayer and iptables"
- In reply to: Luke Vogel: "Re: Root access"
- Next in thread: Greg Owen: "Re: Root access"
- Reply: Greg Owen: "Re: Root access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Simon Matthews <nobody@devnull.com> Date: Mon, 06 May 2002 20:56:25 GMT
On Mon, 6 May 2002, Luke Vogel wrote:
> LIDS is a very comprehensive package designed to limit what root (and
> _any_ other account for that matter) can do on a file system.
>
While LIDS looks interesting at hardening a system, I suspect that a
determined sysadmin with root access could get around it with only a
little effort.
On a Linux box, I suspect one could:
1. add an extra disk
2. Copy the entire disk (with the protected data) using "dd" from the raw
disk (or partition) device to the new disk.
3. Take the disk to another system that is not running LIDS.
Or:
1. During scheduled downtime, boot the LIDS-protected machine with a
kernel that does not include LIDS.
Simon
- Next message: Borge Haga: "Re: Securing my Linux-pc? Worried....hacked?"
- Previous message: John Thompson: "RealPlayer and iptables"
- In reply to: Luke Vogel: "Re: Root access"
- Next in thread: Greg Owen: "Re: Root access"
- Reply: Greg Owen: "Re: Root access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
