This is a discussion on Protection from a Rescue or Live CD accessing the filesystem within the Linux Operating System forums, part of the Unix Operating Systems category.
Hello,

On any Linux filesystem, if I boot off of a live CD like Knoppix or the Redhat Disc 1 "rescue CD" of any distribution, I can mount the filesystem, and then do things like edit the /etc/passwd to remove the fact that root has a password, and then just reboot and login to the system without a password!

How do I prevent someone doing this to my computer?!!!!!!

Thanks.
| |||
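The tampering described in the question above (blanking root's password field from a live CD) leaves a trace that can be checked for afterwards. This is an added example, not part of any post in the thread: a shell function that audits passwd- and shadow-format files for empty password fields and extra UID 0 accounts; the function names, finding labels and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag accounts that can log in without
# a password, given passwd- and shadow-format files.
# Usage: audit_accounts PASSWD_FILE SHADOW_FILE
audit_accounts() {
    awk -F: '
        # shadow file is read first: remember each account and its hash field
        FILENAME == ARGV[1] { seen[$1] = 1; hash[$1] = $2; next }
        # passwd file: name:password:uid:gid:gecos:home:shell
        /^#/ || NF < 7 { next }
        $2 == ""                                { print "EMPTY_PASSWD " $1 }
        $2 == "x" && seen[$1] && hash[$1] == "" { print "EMPTY_SHADOW " $1 }
        $2 == "x" && !seen[$1]                  { print "NO_SHADOW_ENTRY " $1 }
        $3 == 0 && $1 != "root"                 { print "EXTRA_UID0 " $1 }
    ' "$2" "$1"
}

# Constructed sample files for the demo; none of these entries are real.
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice::1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:second uid 0 account:/root:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
toor:$6$constructed$notarealhash:19000:0:99999:7:::
EOF
}

# Demo run against the constructed files.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_accounts "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

On a real system this would be run as root as `audit_accounts /etc/passwd /etc/shadow`. Locked entries (`*` or `!` in the hash field) are not reported, since they do not allow a password-less login.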
In comp.os.linux.development.system binary-nomad@hotmail.com wrote:
> On any Linux filesystem,

It's nothing to do with linux, or with your filesystem. Why do you say so?

> if I boot off of a live CD like Knoppix or the
> Redhat Disc 1 "rescue CD" of any distribution, I can mount the
> filesystem, and then do things like edit the /etc/passwd to remove the
> fact that root has a password, and then just reboot and login to the
> system without a password!

And what is strange about that?

> How do I prevent someone doing this to my computer?!!!!!!

Don't let them get near it. Someone with physical access can do anything - including manipulating your data. If you know someone nearby with a knoppix CD, disable boot from CD in the bios, and add a boot password in the bios.

You could also do various encrypty things, but why? If they have physical access they can bug your keyboard and watch your keystrokes!

Peter
| |||
On 2005-12-02, binary-nomad@hotmail.com <binary-nomad@hotmail.com> wrote:
> How do I prevent someone doing this to my computer?!!!!!!

You put your computer in a locked room and you keep your key in your pocket. What do you expect?

Davide

--
Best viewed with Internet Explorer 5.6 on a 1280x1024 resolution with 24-bit color depth, maximum contrast, minimum brightness, in a 1000x960 window placed in the exact center of your display with this videocard and ....
-- from alt.sysadmin.recovery
| |||
In comp.os.linux.development.system binary-nomad@hotmail.com wrote:
> On any Linux filesystem, if I boot off of a live CD like
> Knoppix or the Redhat Disc 1 "rescue CD" of any distribution,
> I can mount the filesystem, and then do things like edit the
> /etc/passwd to remove the fact that root has a password, and
> then just reboot and login to the system without a password!
> How do I prevent someone doing this to my computer?!!!!!!

Very easily:

1) Go into BIOS and disable all boot devices other than HD.
2) Turn BIOS passwd protection on.
3) Lock the case to prevent BIOS jumper reset.

You may also want to secure access to power because some [older] Linux distros would give a passwd-free root prompt after a certain type of fsck failure. The exploit was to cycle power (forcing fsck or reboot) until the root prompt appeared. I _think_ this hole has been closed.

-- Robert
| |||
You could design your own filesystem that encrypts and decrypts the data as it is written and read based on a password supplied when the device is mounted.

The details are left as an exercise for the reader.....

<binary-nomad@hotmail.com> wrote in message news:1133522148.436959.286260@f14g2000cwb.googlegroups.com...
> Hello,
> On any Linux filesystem, if I boot off of a live CD like Knoppix or the
> Redhat Disc 1 "rescue CD" of any distribution, I can mount the
> filesystem, and then do things like edit the /etc/passwd to remove the
> fact that root has a password, and then just reboot and login to the
> system without a password!
> How do I prevent someone doing this to my computer?!!!!!!
>
> Thanks.
| |||
Robert Redelmeier <redelm@ev1.net.invalid> writes:
> In comp.os.linux.development.system binary-nomad@hotmail.com wrote:
>> On any Linux filesystem, if I boot off of a live CD like
>> Knoppix or the Redhat Disc 1 "rescue CD" of any distribution,
>> I can mount the filesystem, and then do things like edit the
>> /etc/passwd to remove the fact that root has a password, and
>> then just reboot and login to the system without a password!
>> How do I prevent someone doing this to my computer?!!!!!!
>
> Very easily:
>
> 1) Go into BIOS and disable all boot devices other than HD.
> 2) Turn BIOS passwd protection on.

This won't stop someone connecting the HD to another machine.

> 3) Lock the case to prevent BIOS jumper reset.

I've yet to see a case that couldn't be broken into with ordinary tools. The flimsiest ones can probably be opened with your bare hands.

--
Måns Rullgård
mru@inprovide.com
| |||
Steve Foley wrote:
> You could design your own filesystem that encrypts and decrypts the data as
> it is written and read based on a password supplied when the device is
> mounted.
>
> The details are left as an exercise for the reader.....

No need to re-invent a wheel: crypto-loop filesystems have already been invented.

--
Tauno Voipio
tauno voipio (at) iki fi
| |||
In comp.os.linux.development.system Robert Redelmeier <redelm@ev1.net.invalid>:
> In comp.os.linux.development.system binary-nomad@hotmail.com wrote:
>> On any Linux filesystem, if I boot off of a live CD like
>> Knoppix or the Redhat Disc 1 "rescue CD" of any distribution,
>> I can mount the filesystem, and then do things like edit the
>> /etc/passwd to remove the fact that root has a password, and
>> then just reboot and login to the system without a password!
>> How do I prevent someone doing this to my computer?!!!!!!

> Very easily:

> 1) Go into BIOS and disable all boot devices other than HD.
> 2) Turn BIOS passwd protection on.
> 3) Lock the case to prevent BIOS jumper reset.

Stops only non serious attacker.

> You may also want to secure access to power because some
> [older] Linux distros would give a passwd-free root prompt
> after a certain type of fsck failure. The exploit was to cycle
> power (forcing fsck or reboot) until the root prompt appeared.
> I _think_ this hole has been closed.

What exploit? Sounds like using the next crowbar to break into your car and telling you there's an exploit against it. Only preventing physical access will make those attempts impossible.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 200: The monitor needs another box of pixels.
| ||||
In comp.os.linux.development.system Michael Heiming <michael+USENET@www.heiming.de> wrote:
>>> How do I prevent someone doing this to my computer?!!!!!!
>
>> Very easily:
>
>> 1) Go into BIOS and disable all boot devices other than HD.
>> 2) Turn BIOS passwd protection on.
>> 3) Lock the case to prevent BIOS jumper reset.
>
> Stops only non serious attacker.

What steps would a serious attacker use, short of smashing locks?

-- Robert