PDA

View Full Version : Discussion Thread: Linux Security Bypasses.



30-10-2001, 03:01 PM
Hi,

I have been talking to a few Linux old hats, and they have recently discovered a few security workarounds linux provides for the advanced user.

The first is the ability to install new hardware using linux (the example they had tried was a HD) without setting it up in the BIOS and it would work. Hence it is possible to add new hardware without the administrators bios password using a linux netwrok with some root priviledges.

The second I cannot remember but I think it had something to do with bypassing the bios on boot as linux doesnot have to be booted in the same way as windows. I will ask and come back with the exact details later today sometime, but I just thought it might stimulate some discussion. Sorry I don't have all the details, but I am seeing these people today, and will ask them.

G P

31-10-2001, 11:18 AM
Guess I was wrong? (About the interest of this discussion) Or maybe no-one knows... cares... Or maybe this is the wrong place for 'chatting'. Oh, well.

P.S. I had to reply, my post was looking so sad with no replies.

G P

31-10-2001, 03:41 PM
Personally, local access isn't really a concern to me, if it was I would be using encrypted partitions.

Remote access would be a concern if I didn't have a winmodem protecting me :-).

31-10-2001, 03:53 PM
You friends had the wrong idea. If I am in the same room as the computer I don't need passwords, and you have zero security. That's why they have locked rooms and physical security for real systems. Microsoft made a big thing about NT meeting the American Govt C2 security specifications. What they didn't boast about was that, from memory, the compliance was for NT3.51 run on a particular model of Compaq 486, with the floppy drive araldited up, in a securely locked room, and with no network card or modem installed. The idea of having passwords, and privilege required for some operations is that you have individual users on serial or network lines, and operators and administrators being the only ones who can get their hands on the hardware. For your home system, the main reason is having a system usercode, and a user usercode is that if you discipline yourself to use root only when needed, you will mininize the harm that you can do to the system.
If you are connected to the internet, it should be hard to get root privilege down the line. (Xwindow is a problem in that respect). You will find that the default security is set so that you can't remotely log in as root.
But anyone who has access to the computer box and console has full access. Without passwords.