Re: Linux, BSD, and Unix are fundamentally insecure.

From: The Ghost In The Machine (ewill_at_aurigae.athghost7038suus.net)
Date: 09/13/04


Date: Mon, 13 Sep 2004 14:38:09 GMT

In comp.os.linux.advocacy, Mike Cox
<mikecoxlinux@yahoo.com>
 wrote
on 10 Sep 2004 11:18:44 -0700
<3d6111f1.0409101018.2b5d065f@posting.google.com>:
> cmad <cmad_x@NOyahoo.comSPAM> wrote in message news:<chrdtu$6ck$1@usenet.otenet.gr>...
>> Mike Cox wrote:
>>
>> > When this consultant showed up, my MCSEs were ready to show how much
>> > more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
>>
>> $$$$$
>>
>> > When the consultant was done with the demo, my MCSE, Scott, went up to
>> > the Linux box, and did the following:
>>
>> And he had to first get past the initial password check to do that,
>> right? But in front of him he had a box, where he had root access. Of
>> course he could do the below, and many many others.
>>
>> > linux init=/bin/sh
>> > mount -o remount -rw /
>> > mount /proc
>> > passwd
>> > mount -o remount -ro /
>> > umount /proc
>>
>> Is it just me or did he do a "skills showoff"? 5/6 of the above commands
>> needn't have been typed.
>>
>> > When Scott rebooted the machine, he typed in the new root password and
>> > was in. The consultant's jaw dropped, my boss laughed, and will now
>> > trust my MCSE's judgement in all things related to IT in the company.
>>
>> If you want to run Windows, run Windows; no one is stopping you.... But
>> believing that *nix is insecure because someone with root access to it
>> changed the password is quite funny.
>
> That's not what he did. You don't understand *nix if you don't know
> that every one of those commands is needed.

[1] Get Knoppix disk, or equivalent.
[2] Shut down, insert disk, reboot, and log in. Note that you're
    logging into the *Knoppix* disk here.
[3] mkdir /tmp/mount; mount /dev/hdxy /tmp/mount
[4] chroot /tmp/mount /bin/bash
[5] passwd.
[6] Exit shell, umount /tmp/mount.
[7] Reboot, removing Knoppix disk as the BIOS starts up.
[8] You're in.

Should work on a large majority of boxes if their BIOS isn't set right.

Your method would also work, of course.

> The box was not logged in
> to, it had the login prompt there. Scott rebooted (ctrl alt del) the
> machine and passed a command to GRUB that booted linux into the BASH
> shell. He then mounted the /proc file system and then the /
> filesystem. He then changed the password.
>
> Every *nix machine is vulnerable to this sort of local security flaw.
> If you password protect the BIOS to prevent this, someone can just
> take the battery out of the PC and then the BIOS password is
> reset. Someone can just take the Linux disk out, boot their own system
> and mount your disk no problem.
>
> Windows doesn't have this flaw. It requires the Administrator
> password before it will let you into safe mode or use the Windows 2000
> recovery CD. If you use the NTFS filesystem, you can select to
> encrypt the hard drive filesystem. That prevents someone from taking
> the disk out and trying to mount it using another OS. If you have
> encryption enabled, and mount a Windows disk on Linux, you won't be
> able to get in. I've tried it. Heck, once I've forgotten my Windows
> 2000 Admin password and was locked out forever. But not with Linux.
> Forget your root password, and you can get a new one in about 1 minute.
> Not very secure. Not ready for the enterprise.
>
> And a BIOS password is not a fix. Someone can just take the battery
> out of the PC and it is reset.

Why, I do believe you're right. This means, of course, that
Windows security is far superior to Linux's, as the viruses
wandering into a Linux system are well aware...

:-P

So tell me again which system's more secure from a remote
attacker's standpoint? Never mind the local; one could
shut down the machine, unbolt the hard disk, and walk away
with it concealed underneath his coat. (And probably not
find anything useful if it's encrypted, but never mind that;
both systems have that option.)

-- 
#191, ewill3@earthlink.net
It's still legal to go .sigless.
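
The GRUB step in the thread above (appending init=/bin/sh at the boot prompt) only works when the boot loader allows unauthenticated editing. The following is an added example, not part of the original post: a check that classifies a GRUB config accordingly. The function name and the sample config are constructed for illustration, and the boot-loader password directives it looks for are not mentioned in the thread.

```shell
#!/bin/sh
# Added example (not from the original post). Classifies a GRUB config by
# whether editing a boot entry (e.g. appending init=/bin/sh) needs a password.
# Prints one of: hashed | plaintext | unprotected | unknown | unreadable
grub_edit_protection() {
    cfg=$1
    [ -r "$cfg" ] || { echo unreadable; return 0; }
    sp='[[:space:]]'
    if grep -Eq "^$sp*title$sp" "$cfg"; then
        # GRUB legacy (menu.lst): only a password line before the first
        # "title" is global; one inside an entry merely locks that entry.
        global=$(sed "/^$sp*title$sp/,\$d" "$cfg")
        if printf '%s\n' "$global" | grep -Eq "^$sp*password$sp+--md5$sp"; then
            echo hashed
        elif printf '%s\n' "$global" | grep -Eq "^$sp*password$sp"; then
            echo plaintext
        else
            echo unprotected
        fi
        return 0
    fi
    # GRUB 2 (grub.cfg): authentication is enforced only once superusers is set.
    if ! grep -Eq "^$sp*set$sp+superusers=" "$cfg"; then
        echo unprotected
    elif grep -Eq "^$sp*password_pbkdf2$sp" "$cfg"; then
        echo hashed
    elif grep -Eq "^$sp*password$sp" "$cfg"; then
        echo plaintext
    else
        # superusers set, but no password line in this file (may be sourced)
        echo unknown
    fi
}

# Constructed sample: a legacy menu.lst with no global password.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default 0
timeout 5
title Linux
kernel /vmlinuz root=/dev/hda1 ro
EOF
echo "sample menu.lst: $(grub_edit_protection "$sample")"
rm -f "$sample"
```

A "hashed" result covers only the boot-prompt route; the Knoppix route in steps [1] to [8] depends on the BIOS boot settings and on whether the disk is encrypted.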

