So... Toshiba just rooted my machine.

steyr · 08-31-2004, 10:43 PM

I had to turn my laptop in to have Toshiba replace the battery and check out some screen issues I was having. After receiving it back with a new battery, (Thanks Toshiba!) I noticed a little yellow sticky note on my laptop saying "root password set to password." The Toshiba techs didn't even need onto my linux partition, seeing how in clear letters in grub, I have an option for "win2k pro," but that's not the point. The point is on the labor statement it says, "labor time covered by warrenty: .5 hours."

So, I know it'd be impossible to crack my root password in 30 minutes, given that it's an eight character combination of letters and numbers not in the dictionary with alternating caps. Not only that, if they could crack the pass, why would they reset it? And they didn't format my /root partition 'cause all my old files are still there.

My question is, how'd they do this? How can I make my machine more secure? Am I a newb who is missing something really obvious and need to RTFM some more?

Thanks guys,
Paul

Capt_Caveman · 09-01-2004, 12:58 AM

Given physical access to basically any system (linux, windows, unix, mac) you can usually drop it down to a "safe-mode" and change the root passwd (actually cracking the password hashes themselves takes more time). Yes that's probably not wise in a security-sense, but it prevents people from being able to turn their own system into a doorstop by forgeting the root password. You can mitigate the risk of that happening normally (BIOS/GRUB paswords + a case lock), but someone with completely un-restricted access can usually reset root passwords trivially.

ugenn · 09-01-2004, 01:02 AM

Nothing wrong with the security model per se, just that they had physical access to your machine, which means they can "pull the rug from under" and bypass regular security mechanisms by booting with a LiveCD or floppy disk.

Poetics · 09-01-2004, 06:33 AM

Often also your system can be booted into Single-User mode wherein the root password is generally bypassed.

Agreed, though, why they would need to do any of that is beyond me ... honestly I would call them and complain; there's no reason they should have had to access your root account, especially when there's a Win partition that would be far more satisfying to mess with. You know what I mean, though.