Slackware 9.1, rescue disk, security hole?

luis002001 · 10-17-2003, 03:48 PM

Ok so I'm somewhat of a linux newbie so correct me if I'm wrong and the following isn't a security hole:

I noticed that you can boot from CD1 (Slackware 9.1) and load one of the kernel images from it (e.g bare.i) and then just mount any device as root and view/modify any file at your whim.

Now the wrong thing about this is that it allowed me to mount my main linux partition as root and it never prompted me for my root password!

As a note of interest:
Last time I checked when I booted from the Windows XP CD into it's "recovery console" it DID prompt me for an administrator password before allowing me access to the hard disk.

So, is there any way to correct this other than password-protect the BIOS?

Thanks,

Luis

quatsch · 10-17-2003, 04:19 PM

you don't even need a rescue CD to do what you're describing. You can even do it from the lilo prompt if you know how to pass kernel parameters.

So, yeah, if you allow someone to have physical access to your machine, they can do whatever the f@#k they want. But this is very different from being able to do it remotely. Besides, even in windows, there are ways for getting around that password check (otherwise, you'd be really screwed if you forgot your password - I don't remember mine).

dxdad · 10-17-2003, 05:40 PM

For the paranoid...

Some bios's have an option whereby they start with the keyboard if you don't enter a password at boot time therefore you couldn't bypass any security. Of course you'd have to weld your PC shut to stop people fiddling with the cmos battery...

chort · 10-17-2003, 06:03 PM

This is an old argument, and the facts that are usually sited are:
1.) You can use a Win2K CD to get by the password in WinXP
2.) BIOS passwords can be bypassed by resetting the CMOS jumper or simply removing the battery
3.) Anyone who has physical access to your system can just remove the hard disk drives, place them in another system (that they control) and mount them with root privilages

The only way to really protect your data is to use encrypted disk partitions (and that's only good if the encryption method is without known weaknesses and the same data was not originally stored "in the clear", since there are data recovery programs that can pull information off a HDD even if it's been overwritting several times).

Oh, so to sum up most people find it more preferable to be able to do maintenance quickly on hosed systems than it is to try to lock down the boot process to where it's next to impossible to boot w/o the root/admin password. If access to the bootstrap process is a concern, invest in case and drive locks.

luis002001 · 10-17-2003, 08:36 PM

Thanks for the replies guys,

Chort, I knew you could bypass the BIOS password by screwing around with the CMOS battery, but I was still surprised at how easy it was to get root access on the computer.

I agree however that this is completely different to being easy to "remotely" get root access.

darkseed2g3 · 10-17-2003, 11:15 PM

A couple of things you could do though Just to make things a little harder for whom ever is trying to mess with your computer .

Put it in a safe , dig a hole , leave it there unmarked.

But , you could lock the case. Then enter a password for setup, bios and the hard drive. Then put a password for GRUB. And setup grub so that you cannot enter any kernel commands , wich can lead to problems down the road. But like everyone else in this thread have been saying. To be honest if the person has physical access and enough determination, they can do what ever they please.