Re: (newbie) Question about core linux security

From: Sam Joharay (public_viewer_at_indiatimes.com)
Date: 02/11/04 

Date: 11 Feb 2004 08:18:31 -0800

Jim Richardson <warlock@eskimo.com> wrote in message news:<ev9pf1-03u.ln1@grendel.myth>...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 10 Feb 2004 20:54:19 -0800,
> Sam Joharay <public_viewer@indiatimes.com> wrote:
> > Hi,
> >
> > A friend of mine pointed this out to me
> > (which I believe must be common knowledge
> > though I'm kinda surprised by it):
> >
> > Claim: If you have physical access to a linux
> > machine, you can gain root access. Furthermore
> > you can create a user with any name which will
> > have root access (thus leave a backdoor entry
> > for remote root access).
> >
> > How to: Reboot the PC. Hit Ctrl-X when the login
> > screen appears. You will get a command prompt
> > that says "boot:"
> > Type "linux 1"
> >
> > Once thus logged in, you have permissions to edit
> > all files. Edit /etc/passwd and add line:
> >
> > myuser::0:0:root:/root:/bin/bash
> >
> > Save file and exit (logout/reboot).
> > Now you have created a user with user name myuser
> > which has root privileges (try it).
> >
> >==============================================
> >
> > I want to know whether:
> >
> > a. this is a well known security flaw
> > b. if there is someway to prevent this.
> > c. is there anything that distinguishes a user thus
> > created from the root user (in terms of privileges)
> >
> >=============================================
> >
> > If the claim is true (I have tried it on the redhat
> > linux installation that I have) then IMHO, it means
> > that a linux machine is only as secure as the lock
> > that guards it.
> >
> > Please comment,
> > [Sam Jo]
>
>
> it's the same with any machine, if you have physical access, it's
> vulnerable. The OS is irrelevent. You can do the same thing with any
> version of MS-Windows.
>

Well, I did say that this must be common knowledge so I cant
understand some of the comments in earlier posts that go
"So what? ..."

The only point being made is that is it *that easy*? I would
imagine servers in any place being physically guarded, but
what about machines of individual users.. someone could just
walk up to my PC while I'm at lunch and add a root user in less
than 5 minutes.

Also could you tell how this is possible in Windows too? (I'm
talking of a simple procedure like the above which can be
carried out in a short time without requring the 'hacker' to
posses any addl software)

[Sam Jo]

Relevant Pages

  • RE: [Full-Disclosure] Automated ssh scanning
    ... > use a local exploit to gain root access. ... apps are prime targets, as well as things like vi, jed, etc. ... have not been removed or truncated in the exploitation. ...
    (Full-Disclosure)
  • Re: (newbie) Question about core linux security
    ... you can gain root access. ... > which has root privileges. ... > linux installation that I have) then IMHO, ... it's the same with any machine, if you have physical access, it's ...
    (comp.os.linux.security)
  • Re: brute force ssh attack
    ... >>meaning that they did gain root access after all but were able to hide this ... they probably gained root access in order to ... Kill Spam at the Source: http://www.TQMcube.com/spam_trap.htm ...
    (Fedora)
  • Re: Remote administration of FC 10 headless servers.
    ... how do you enable administration from VNC or NX when you have root access but don't have physical access. ...
    (Fedora)
  • Re: brute force ssh attack
    ... >meaning that they did gain root access after all but were able to hide this ... They tried to login as root, but according to /var/log/secure, they used a ... they probably gained root access in order to ...
    (Fedora)
Loading