Re: (newbie) Question about core linux security

From: John Thompson (john_at_starfleet.os2.dhs.org)
Date: 02/12/04


Date: Thu, 12 Feb 2004 01:00:03 GMT

On 2004-02-11, Sam Joharay <public_viewer@indiatimes.com> wrote:

> A friend of mine pointed this out to me
> (which I believe must be common knowledge
> though I'm kinda surprised by it):
>
> Claim: If you have physical access to a linux
> machine, you can gain root access. Furthermore
> you can create a user with any name which will
> have root access (thus leave a backdoor entry
> for remote root access).

Of course. Any time untrusted users have physical access to the hardware
you will have a security problem. Period. It doesn't matter if it's
linux, Windows, some big mainframe or whatever. Untrusted access to the
hardware is a security problem. Period.

If this is a realistic concern for you, secure the hardware and only allow
users to connect to it remotely, e.g. using an X terminal or thin client of
some kind.

> How to: Reboot the PC. Hit Ctrl-X when the login
> screen appears. You will get a command prompt
> that says "boot:"
> Type "linux 1"

Lilo allows you to password protect access to single user mode. This
offers some protection against unimaginative attackers, but it may be
enough of a deterrent for some situations.

>==============================================
>
> I want to know whether:
>
> a. this is a well known security flaw

Yes, see above.

> b. if there is some way to prevent this.

Yes, see above.

> c. is there anything that distinguishes a user thus
> created from the root user (in terms of privileges)

Any user with uid 0 will have root privileges. That's why intrusion
detection software specifically looks for other users with uid 0.

>=============================================
>
> If the claim is true (I have tried it on the redhat
> linux installation that I have) then IMHO, it means
> that a linux machine is only as secure as the lock
> that guards it.

The same is true of any other computer and operating system. You must
judge for yourself if the people who are likely to have physical access to
your computer can be trusted. If they can't be trusted, secure the
hardware and let them use an X terminal.

-- 
-John (JohnThompson@new.rr.com)
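
The uid 0 check mentioned in the answer to question (c), as an added example that is not part of the original post and not taken from any particular intrusion detection tool: it reads text in /etc/passwd format and reports every uid 0 entry other than `root`, plus lines it could not parse. The function name `audit_uid0`, the `expected` allow-list and the sample entries are assumptions constructed for illustration.

```python
import sys
from pathlib import Path

# Constructed sample in /etc/passwd format (not taken from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:spare admin:/root:/bin/sh
backup:x:00:34:backup:/var/backups:/bin/sh
sam:x:1000:1000:Sam:/home/sam:/bin/bash
broken-line-without-fields
+::::::
"""


def audit_uid0(passwd_text, expected=("root",)):
    """Return (extra_uid0, unparsed) for text in /etc/passwd format.

    extra_uid0: (line number, account name) for each uid 0 entry not in `expected`.
    unparsed:   line numbers that are not a readable entry; review these by hand.
    """
    extra_uid0, unparsed = [], []
    for lineno, line in enumerate(passwd_text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        # passwd(5) layout: name:password:UID:GID:GECOS:directory:shell
        fields = line.split(":")
        if len(fields) != 7 or not fields[0]:
            unparsed.append(lineno)
            continue
        name, uid = fields[0], fields[2]
        if not (uid.isascii() and uid.isdigit()):
            unparsed.append(lineno)  # e.g. an NIS compat entry such as "+::::::"
            continue
        # Compare numerically so a zero-padded value such as "00" is not overlooked.
        if int(uid) == 0 and name not in expected:
            extra_uid0.append((lineno, name))
    return extra_uid0, unparsed


if __name__ == "__main__":
    # With no argument the constructed sample is audited; pass a path to audit a file.
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_PASSWD
    extra, bad = audit_uid0(text)
    for lineno, name in extra:
        print(f"line {lineno}: account '{name}' has uid 0")
    for lineno in bad:
        print(f"line {lineno}: could not parse, check manually")
    sys.exit(1 if extra or bad else 0)
```

The non-zero exit status on any finding makes the script usable from cron or a monitoring check.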

