security hole or convenience?

carboncopy · 08-12-2003, 08:38 PM

Some one can gain root access to your computer if he or she have a Slackware disk.

This is what I did (to my own computer):
1. boot up into Slackware 9 Installation disk.
2. let it boot the kernel on cd-rom.
3. mount the / partition (hard disk) on somewhere such as /mnt/root
4. chroot /mnt/root

and here you go.. you have root access to the machine already (in 4 easy steps).

It is very useful if you forgot your root password I guess.

hehehe And also if you screw up your kernel and want to go in and do some repairing. But it is also dangerous.

contrasutra · 08-12-2003, 09:21 PM

Linux is very safe as a server. Which means remote people getting into it.

If stangers can get physical access to your machine, you have other security issues. Many cases come with Drive locks now as well.

So I consider it a convenience.

vexer · 08-12-2003, 09:25 PM

well, I dought alot of admins who run linux on servers and/or public access will allow regular users to mount anything. Maybe floppy and cdrom, but that would be it. As for mounting partitions, I dought it.

-vexer

bobtmasse · 08-13-2003, 03:07 AM

This is normal operation and in some ways a convenience.

The first rule to ANY computer security is to restrict physical access to the machine unless there is no other choice. If it's a public machine:

1. Remove/secure the CD drive so they can't load programs
2. Remove/secure the floppy drive so they can't load programs
3. Cover/Lock the front panel so they can't press reset
4. Cover/Lock the front panel so they can't press power
5. Secure the power cord so they can't yank it
6. Secure the case so they can't open it
7. Cover/secure the USB ports so they can't load programs
8. Cover/secure the serial ports so they can't load programs
9. Cover/secure the parallel port so they can't load programs

You get the idea. I don't care what computer or OS it is, you give me unrestricted physical access to the machine, and I WILL have the whole cookie jar

So you need to lock that machine in a room or secure it from physical tampering in some way if you think there is a chance that someone you don't want to mess with the machine gets to it.