Re: (newbie) Question about core linux security
From: Jim Richardson (warlock_at_eskimo.com)
Date: Wed, 11 Feb 2004 14:11:15 -0800
On 11 Feb 2004 08:18:31 -0800,
Sam Joharay <firstname.lastname@example.org> wrote:
> Jim Richardson <email@example.com> wrote in message news:<firstname.lastname@example.org>...
>> On 10 Feb 2004 20:54:19 -0800,
>> Sam Joharay <email@example.com> wrote:
>> > Hi,
>> > A friend of mine pointed this out to me
>> > (which I believe must be common knowledge
>> > though I'm kinda surprised by it):
>> > Claim: If you have physical access to a linux
>> > machine, you can gain root access. Furthermore
>> > you can create a user with any name which will
>> > have root access (thus leave a backdoor entry
>> > for remote root access).
>> > How to: Reboot the PC. Hit Ctrl-X when the login
>> > screen appears. You will get a command prompt
>> > that says "boot:"
>> > Type "linux 1"
>> > Once thus logged in, you have permissions to edit
>> > all files. Edit /etc/passwd and add line:
>> > myuser::0:0:root:/root:/bin/bash
>> > Save file and exit (logout/reboot).
>> > Now you have created a user with user name myuser
>> > which has root privileges (try it).
>> > I want to know whether:
>> > a. this is a well known security flaw
>> > b. if there is someway to prevent this.
>> > c. is there anything that distinguishes a user thus
>> > created from the root user (in terms of privileges)
>> > If the claim is true (I have tried it on the redhat
>> > linux installation that I have) then IMHO, it means
>> > that a linux machine is only as secure as the lock
>> > that guards it.
>> > Please comment,
>> > [Sam Jo]
>> It's the same with any machine: if you have physical access, it's
>> vulnerable. The OS is irrelevant. You can do the same thing with any
>> version of MS-Windows.
> Well, I did say that this must be common knowledge, so I can't
> understand some of the comments in earlier posts that go
> "So what? ..."
For the same reason you'd get the same response if you went to someone
and told them that their house could be broken into by digging a hole
through the wall with a pickaxe. It leaves a mess, and is obvious.
> The only point being made is that is it *that easy*? I would
> imagine servers in any place being physically guarded, but
> what about machines of individual users.. someone could just
> walk up to my PC while I'm at lunch and add a root user in less
> than 5 minutes.
Use a password in the lilo or grub conf. It won't stop someone booting
via CD or such (a password-protected BIOS would help here), but it will
prevent someone booting to single mode without the root password.
> Also, could you tell how this is possible in Windows too? (I'm
> talking of a simple procedure like the above which can be
> carried out in a short time without requiring the 'hacker' to
> possess any addl software)
> [Sam Jo]
Attacker walks up to your system, pops in a floppy, boots, does the
dirty deed, walks away.
If you want to make artificial constraints like "hacker is not permitted
to possess any addl software", then you are fooling yourself.
-- 
Jim Richardson http://www.eskimo.com/~warlock
"I don't think of it as supporting Castro, I think of it as burning his crops." -- Caspar Weinberger on cigars
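The lilo.conf mitigation Jim describes, written out as an added example (not from the thread; device names, paths and the password are constructed placeholders). `password=` with `restricted` lets the default entry boot unattended but demands the password as soon as anyone types extra arguments at the boot: prompt, such as `linux 1` or `init=/bin/sh`.

```conf
# /etc/lilo.conf (constructed example; adjust boot= and root= to your disks)
boot=/dev/hda          # where the boot loader is installed
prompt                 # show the "boot:" prompt
timeout=50             # wait 5 seconds, then boot the default entry
default=linux

# Global protection: "restricted" means the password is required only
# when boot-time parameters are given ("linux 1", "init=/bin/sh", ...),
# so a normal unattended boot still works.
password=CHANGE_ME_PLACEHOLDER
restricted

image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
```

The password is stored in clear text, so the file must be `chmod 600 /etc/lilo.conf`, and `/sbin/lilo` must be re-run after editing or the change never reaches the boot sector; as the post notes, this does nothing against booting from removable media, which is where a BIOS password and boot-order lock come in.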