[lug] Re: linux

Eric Kilfoil ekilfoil at viawest.net
Tue Jun 19 13:21:11 MDT 2001 

Password protecting the bootup can be a bad idea.  If you ever have a
power problem, or for some reason, the machine reboots itself, you'll have
to physically go to the machine to type in the password and let it boot.

With physical access to the machine, you can ALWAYS gain root access.  A
CMOS password is a false sense of security.  There is no way around this.
The key is to protect the physical machine from unwanted parties gaining
access to the computer room.

Ways to gain root access when physical access is available:

boot from secondary media, mount the hard drive's root as /mnt/, modify
the passwd/shadow file.

BIOS passwords:  Trip the jumper to reset the BIOS on the motherboard.
Remove the CMOS battery.

Remove the Hard drive, put in another machine, mount paritions and change
passwords.

As you can see, when you have physical access to the computer, there is no
way to protect it.  This is true with any operating system, although
products such as Pitbull claim to protect a little better.

There are probably projects which encrypt data on the disk and can tie
data back to a hostid at the filesystem level.  This seems like a bit much
for anything short of financial instutions and the like.

Just remember, as security goes up, productivity goes down.

eric

On Tue, 19 Jun 2001, Greg Horne wrote:

> >From: "Dhruva B. Reddy" <sledgehammer2010 at yahoo.com>
> >Reply-To: lug at lug.boulder.co.us
> >To: lug at lug.boulder.co.us
> >Subject: Re: [lug] Re: linux
> >Date: Tue, 19 Jun 2001 09:14:20 -0600
> >
> >So basically, as long as you have physical access to the machine, there is
> >a way
> >to reset the root password?  Sounds scary.  Is it possible to do this
> >remotely?
> >That's even more scary.
>
> Nope.  You can only reset the root password from the acctual machine.  I'm
> sure there is some l33t hacker way to do it buy I have not heard of
> anything.  If you are really paranoid my Abit KT7-A MB has an option to
> password protect the bios and the startup of the computer for even more
> added protection.
>
> Greg
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>

More information about the LUG mailing list