Re: Linux, BSD, and Unix are fundamentally insecure.

From: Mike Cox (mikecoxlinux_at_yahoo.com)
Date: 09/10/04


Date: 10 Sep 2004 11:18:44 -0700

cmad <cmad_x@NOyahoo.comSPAM> wrote in message news:<chrdtu$6ck$1@usenet.otenet.gr>...
> Mike Cox wrote:
>
> > When this consultant showed up, my MCSEs were ready to show how much
> > more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
>
> $$$$$
>
> > When the consultant was done with the demo, my MCSE, Scott, went up to
> > the Linux box, and did the following:
>
> And he had to first get past the initial password check to do that,
> right? But in front of him he had a box, where he had root access. Of
> course he could do the below, and many many others.
>
> > linux init=/bin/sh
> > mount -o remount -rw /
> > mount /proc
> > passwd
> > mount -o remount -ro /
> > umount /proc
>
> Is it just me or did he do a "skills showoff"? 5/6 of the above commands
> needn't have been typed.
>
> > When Scott rebooted the machine, he typed in the new root password and
> > was in. The consultant's jaw dropped, my boss laughed, and will now
> > trust my MCSE's judgement in all things related to IT in the company.
>
> If you want to run Windows, run Windows; no one is stopping you.... But
> believing that *nix is insecure because someone with root access to it
> changed the password is quite funny.

That's not what he did. You don't understand *nix if you don't know
that every one of those commands is needed. The box was not logged in
to, it had the login prompt there. Scott rebooted (ctrl alt del) the
machine and passed a command to GRUB that booted linux into the BASH
shell. He then mounted the /proc file system and then the /
filesystem. He then changed the password.

Every *nix machine is vulnerable to this sort of local security flaw.
If you password protect the BIOS to prevent this, someone can just
take the battery out of the PC and then the BIOS password is
reset. Someone can just take the Linux disk out, boot their own system
and mount your disk no problem.

Windows doesn't have this flaw. It requires the Administrator
password before it will let you into safe mode or use the Windows 2000
recovery CD. If you use the NTFS filesystem, you can select to
encrypt the hard drive filesystem. That prevents someone from taking
the disk out and trying to mount it using another OS. If you have
encryption enabled, and mount a Windows disk on Linux, you won't be
able to get in. I've tried it. Heck, once I've forgotten my Windows
2000 Admin password and was locked out forever. But not with Linux.
Forget your root password, and you can get a new one in about 1 minute.
Not very secure. Not ready for the enterprise.

And a BIOS password is not a fix. Someone can just take the battery
out of the PC and it is reset.
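
The following is an added example, not part of the original post or thread: two defensive shell checks for the boot-parameter scenario described above. It assumes GRUB 2 configuration syntax (`superusers`, `password_pbkdf2`); the function names, sample config and placeholder hash are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post). Assumes GRUB 2 syntax; names are hypothetical.

# Print findings for a GRUB 2 config file. Returns 0 only when entry editing
# requires a superuser whose password is stored as a PBKDF2 hash.
audit_grub_cfg() {
    body=$(sed 's/#.*//' "$1")   # drop comments so disabled lines do not count
    rc=0
    if ! printf '%s\n' "$body" | grep -Eq '^[[:space:]]*set[[:space:]]+superusers='; then
        echo "FAIL: superusers not set; boot entries can be edited at the console"
        rc=1
    fi
    if printf '%s\n' "$body" | grep -Eq '^[[:space:]]*password_pbkdf2[[:space:]]'; then
        echo "OK: PBKDF2-hashed password defined"
    elif printf '%s\n' "$body" | grep -Eq '^[[:space:]]*password[[:space:]]'; then
        echo "WARN: password stored in plaintext; generate a hash with grub-mkpasswd-pbkdf2"
        rc=1
    else
        echo "FAIL: no boot-loader password defined"
        rc=1
    fi
    return $rc
}

# Print the init= path from a kernel command line (such as /proc/cmdline).
# If init= is repeated, the last occurrence is reported. Returns 1 when absent.
init_override() {
    path=$(printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^init=//p' | tail -n 1)
    [ -n "$path" ] && printf '%s\n' "$path"
}

# Constructed sample input: the hash below is a placeholder, not a real value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER
menuentry 'Linux' --unrestricted {
    linux /vmlinuz root=/dev/sda1 ro
}
EOF
audit_grub_cfg "$sample" || true
init_override "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro init=/bin/sh" || true
rm -f "$sample"
```

On a live host, pass the real config path (commonly /boot/grub/grub.cfg) and `"$(cat /proc/cmdline)"`. A boot-loader password covers only the edited-boot-entry case, not removal of the disk.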


