LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 08-12-2003, 08:38 PM   #1
carboncopy
Senior Member
 
Registered: Jan 2003
Location: Malaysia
Distribution: Fedora Core, Slackware, Mac OS X, Debian, OpenSUSE
Posts: 1,210
Blog Entries: 4

Rep: Reputation: 45
Cool security hole or convenience?


Some one can gain root access to your computer if he or she have a Slackware disk.

This is what I did (to my own computer):
1. boot up into Slackware 9 Installation disk.
2. let it boot the kernel on cd-rom.
3. mount the / partition (hard disk) on somewhere such as /mnt/root
4. chroot /mnt/root

and here you go.. you have root access to the machine already (in 4 easy steps).

It is very useful if you forgot your root password I guess.
hehehe And also if you screw up your kernel and want to go in and do some repairing. But it is also dangerous.
 
Old 08-12-2003, 09:21 PM   #2
contrasutra
Guru
 
Registered: Mar 2003
Location: New Jersey
Distribution: Arch Linux
Posts: 1,445

Rep: Reputation: 46
Linux is very safe as a server. Which means remote people getting into it.

If stangers can get physical access to your machine, you have other security issues. Many cases come with Drive locks now as well.


So I consider it a convenience.
 
Old 08-12-2003, 09:25 PM   #3
vexer
Member
 
Registered: Jan 2003
Location: Sudbury Ontario, Canada
Distribution: Slackware
Posts: 388

Rep: Reputation: 30
well, I dought alot of admins who run linux on servers and/or public access will allow regular users to mount anything. Maybe floppy and cdrom, but that would be it. As for mounting partitions, I dought it.


-vexer
 
Old 08-13-2003, 03:07 AM   #4
bobtmasse
LQ Newbie
 
Registered: May 2003
Location: In front of the monitor
Posts: 16

Rep: Reputation: 0
This is normal operation and in some ways a convenience.

The first rule to ANY computer security is to restrict physical access to the machine unless there is no other choice. If it's a public machine:

1. Remove/secure the CD drive so they can't load programs
2. Remove/secure the floppy drive so they can't load programs
3. Cover/Lock the front panel so they can't press reset
4. Cover/Lock the front panel so they can't press power
5. Secure the power cord so they can't yank it
6. Secure the case so they can't open it
7. Cover/secure the USB ports so they can't load programs
8. Cover/secure the serial ports so they can't load programs
9. Cover/secure the parallel port so they can't load programs

You get the idea. I don't care what computer or OS it is, you give me unrestricted physical access to the machine, and I WILL have the whole cookie jar

So you need to lock that machine in a room or secure it from physical tampering in some way if you think there is a chance that someone you don't want to mess with the machine gets to it.

Last edited by bobtmasse; 08-13-2003 at 03:09 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
find security hole... os2 Linux - Security 5 10-13-2005 11:16 PM
check the security hole ust Linux - Security 6 09-10-2004 05:42 PM
panther security hole??? feetyouwell General 5 04-19-2004 10:03 AM
Security Hole -Samba dvong3 Linux - Security 1 03-21-2003 02:38 PM
Security Hole in PHP 4.3.0 Crashed_Again Linux - Security 1 03-01-2003 03:29 PM


All times are GMT -5. The time now is 05:26 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration