LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-18-2022, 01:22 PM   #16
BillDietrich
LQ Newbie
 
Registered: Apr 2021
Posts: 2

Rep: Reputation: Disabled

If you have physical access to a Linux machine, you can boot into live session from USB and you are root. Then you edit /etc/passwd and /etc/shadow and other files on disk.

That's one reason why people use full-disk encryption, to defeat this kind of attack. If you don't know the disk decryption password, you can't read or change the data on disk, the worst you can do is overwrite the disk and make it unbootable/unreadable.
 
1 members found this post helpful.
Old 09-18-2022, 01:41 PM   #17
gouttegd
Member
 
Registered: Nov 2019
Location: London, UK
Distribution: Slackware
Posts: 87

Rep: Reputation: 157Reputation: 157
Quote:
Originally Posted by bert07 View Post
A Linux-computer is not as safe as you think it is;
Oh, it’s even worse than you think…

Not many people know this, but if know where to look you can find the entire source code of Linux on the Internet!

I wish I were joking, but I am not. The entire source code of Linux can be found by anyone with a very little amount of research (I found it; I won’t tell where it was, but it was disturbingly easy to find). And then anyone can find the security holes and start exploiting them!

Of course when I found that I immediately wiped out Slackware from my machine and replaced it with a good old Windows XP SP2 (I knew it was a good idea not to throw that CD away!).
 
1 members found this post helpful.
Old 09-18-2022, 01:49 PM   #18
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 10,619

Rep: Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018
Quote:
Originally Posted by bert07 View Post
Booting from another medium 'as I also did to make the changes) does not enable you to log into the target system as if you booted the system itself.
But it does allow you to change the system's root password. I thought that was the point?

Last edited by dugan; 09-18-2022 at 02:21 PM.
 
Old 09-18-2022, 01:50 PM   #19
yvesjv
Member
 
Registered: Sep 2015
Location: Australia
Distribution: Slackware, Devuan, Freebsd
Posts: 206

Rep: Reputation: Disabled
Thumbs down

Quote:
Originally Posted by gouttegd View Post
Not many people know this, but if know where to look you can find the entire source code of Linux on the Internet!
Not news at all... that's the way it is meant to be.
But then I guess you tried trolling everyone here
 
Old 09-18-2022, 01:58 PM   #20
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 10,619

Rep: Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018
@gouttegd: OP does not deserve to have the thread derailed like this.

Last edited by dugan; 09-18-2022 at 02:00 PM.
 
Old 09-18-2022, 02:17 PM   #21
gouttegd
Member
 
Registered: Nov 2019
Location: London, UK
Distribution: Slackware
Posts: 87

Rep: Reputation: 157Reputation: 157
Alright, alright.

So, OP: You may have been genuinely well-intentioned in reporting this, but the fact is you found nothing new, and nothing that “Linux Professionals” should be alerted about.

It’s a well-known and well-accepted truth that once bad guys have physical access to your machine, all bets are off. Booting on another system than the one installed on the hard disk (using e.g. a USB key, or, back in the old days, on a live-CD, or, back in the even older days, on a floppy disk), mounting the root filesystem, and doing whatever you want on it (including messing with /etc/shadow). It has been completely documented for decades – as it should be, because it’s a perfectly legitimate way of doing exactly what you wanted to do: restoring access to your system after you forgot your password.

It is not a security vulnerability and it says nothing about the “safety of a Linux-computer”.

If you are still concerned about what you found, there are ways to protect your system even in the case your machine gets in the physical hands of an attacker. By order of simplicity and depending on the kind of attacks you want to protect yourself against:

BIOS passwords
Will prevent an attacker from booting on anything, including a live USB/CD.

What it will not protect against: data theft. If what the attackers are looking for is your data on your disk, then all they have to do is to physically open your machine, take the hard disk out, and put it into another machine. Then they can boot on that other machine and explore the contents of the disk as much as they want.

Full-disk encryption
Will prevent an attacker from doing what I just wrote: even if they put the disk in another machine, they won’t be able to mount the filesystem and explore its contents without knowing the encryption passphrase. They can try brute-forcing the passphrase of course, but as long as you chose a “decent” passphrase you should have nothing to worry about.

What it will not protect against: the so-called “evil maid attacks”. Basically, a scenario when the attackers get physical access to your machine once, alter the boot system, then somehow give you your machine back in such a way that you do not realize it has been in their hands and has been tampered with (for example, a hotel maid could do that by entering your room while you’re having breakfast at the hotel’s restaurant – hence the nickname of this kind of attacks).

SecureBoot
Implemented correctly and assuming you trust Microsoft, it should prevent the ”evil maid attacks”, by preventing the attackers from tampering with the boot system (or rather, they may still tamper with the boot system, but after that SecureBoot should prevent it from booting).

Last edited by gouttegd; 09-18-2022 at 02:48 PM. Reason: adding more details on what the mitigations can do
 
2 members found this post helpful.
Old 09-18-2022, 07:44 PM   #22
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 10,619

Rep: Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018
Quote:
Originally Posted by bert07 View Post
And I won't tell how I did it.
Then, even if your discovery actually is as significant as you seem to think it is, you're not actually reporting anything. What makes you think that a thread where you go out of your way to withhold information would be interesting to "Linux professionals"?

Quote:
Originally Posted by bert07 View Post
Because it is so easy and if I should publish it, many people shall take advantage of it to break in other people's computer.
In the open source community, we do not believe in security by obscurity.

BTW, I'm sorry you did not like the word "trivial", but you'd better believe that "I got myself locked out and I figured out how to get back in without googling; here's how I did it" would have been a more impressive story of what actually happened.

Last edited by dugan; 09-18-2022 at 08:00 PM.
 
Old 09-18-2022, 08:29 PM   #23
!!!
Member
 
Registered: Jan 2017
Location: Fremont, CA, USA
Distribution: Trying any&ALL on old/minimal
Posts: 924

Rep: Reputation: 353Reputation: 353Reputation: 353Reputation: 353
Quote:
Originally Posted by !!! View Post
... is your Technique also usable on the best protected Microsoft Windows 11 system? ...

@bert07: you seem to have missed that question, and I think it is important information. Thanks.
 
Old 09-19-2022, 12:33 AM   #24
pan64
LQ Addict
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 18,971

Rep: Reputation: 6434Reputation: 6434Reputation: 6434Reputation: 6434Reputation: 6434Reputation: 6434Reputation: 6434Reputation: 6434Reputation: 6434Reputation: 6434Reputation: 6434
Quote:
Originally Posted by bert07 View Post
It seems you did read the part where I stated that I need to be physically at your computer.
What you told is just nonsense. In most cases you cannot go to the host (especially if that was a virtual server).
You can always try to hack a physical server, but usually you are not allowed to reach them. So those hosts are not in danger (from this point of view).
From the other hand some hosts contain encrypted volumes, so you will not be able to alter the system (but you can destroy it).
BIOS password was also mentioned, you cannot even boot anything without knowing that.

So it is not true, linux systems are not really vulnerable that way. There are other problems which must be taken more seriously.
 
Old 09-20-2022, 01:13 PM   #25
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,922
Blog Entries: 4

Rep: Reputation: 3586Reputation: 3586Reputation: 3586Reputation: 3586Reputation: 3586Reputation: 3586Reputation: 3586Reputation: 3586Reputation: 3586Reputation: 3586Reputation: 3586
For all the "pooh-pooh" about it, SecureBoot™ was developed to address a legitimate business concern. That, during "regularly scheduled downtime," corporate spies would secretly "reboot" a server under another operating system (Linux ...), and thereby entirely(!!) bypass the corporation's intended (Windows based ... or could indeed be Linux based ...) security controls.

The situation at the time was basically: "an impregnable(?) bank-vault door beside an open window."

While the implementation chosen, of course, was "the result of many technical compromises," it more-or-less did achieve the minimal intended outcome. And, it could be implemented within the very-limited constraints of "BIOS firmware programming" on most then-existing hardware. The necessary new programming could be applied using a routine "flash update" which wouldn't "brick" the computer in question.

Today, it has actually worked. You can no longer expect to be able to reboot a server "into anything you want," just by sticking a USB-stick into a slot on the front panel and pressing the "reset" button. Without being challenged, and stopped.

Of course, legitimate Linux installations were never denied proper access to the necessary PKI-key information, because Linux today is a perfectly-legitimate part of the picture which requires just as much protection.

"No, it isn't great, but more-or-less it does work ..."

Last edited by sundialsvcs; 09-20-2022 at 01:23 PM.
 
Old 09-20-2022, 01:20 PM   #26
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 6,398
Blog Entries: 3

Rep: Reputation: 3339Reputation: 3339Reputation: 3339Reputation: 3339Reputation: 3339Reputation: 3339Reputation: 3339Reputation: 3339Reputation: 3339Reputation: 3339Reputation: 3339
Quote:
Originally Posted by sundialsvcs View Post
And of course, legitimate Linux installations were never denied proper access to the necessary PKI-key information, because Linux today is a perfectly-legitimate part of the picture which requires protection.
Except that none of the OEMs have keys signed by Linux projects. The various distros, led down the path by Canonical, have their shims and such signed by M$. If the distros' own keys were distributed by the UEFI / Restricted Boot cabal, then it would be less risky than it has become. As it stands, the distros require M$ permission to boot, if Restricted Boot is turned on.
 
Old 09-20-2022, 06:44 PM   #27
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 10,619

Rep: Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018
Genuinely curious as to what bert07 thinks you’re actually supposed to do if you forget your login passwords.
 
Old 09-21-2022, 07:40 PM   #28
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,922
Blog Entries: 4

Rep: Reputation: 3586Reputation: 3586Reputation: 3586Reputation: 3586Reputation: 3586Reputation: 3586Reputation: 3586Reputation: 3586Reputation: 3586Reputation: 3586Reputation: 3586
So far as I am aware, Microsoft is the custodian of the private key. I don't know if there are others.
 
Old 09-23-2022, 06:52 PM   #29
MIJ-VI
Member
 
Registered: May 2010
Location: Earth.
Distribution: Linux Mint 21 Cinnamon
Posts: 48

Rep: Reputation: 2
While the essence of this thread's topic and discussion is rather lofty for one of my marginal skills, the aspect I did pick up on is forgetting a password, especially for a seldom used notebook or back-up rig:

Construct a password that's an amalgam of a machine's model number and motherboard designation.

And yes, though it too can be bypassed, a UEFI / BIOS password will add time to a ne'er-do-well's effort, thereby increasing the risk of his being exposed.

In the case of a notebook computer, said UEFI / BIOS password can form a significant obstacle to realizing a worthwhile profit for those who'd be better off learning how to use a laptop instead of stealing one.

$0.02
 
Old Today, 06:37 AM   #30
Trihexagonal
Member
 
Registered: Jul 2017
Location: The Land of the Dead
Distribution: Kali GNU/ Linux and FreeBSD
Posts: 341
Blog Entries: 1

Rep: Reputation: 329Reputation: 329Reputation: 329Reputation: 329
From my Tutorial, How to enter Single-User Mode on FreeBSD from the boot screen:

Quote:
OK, so you missed commenting a line in /etc/rc.conf, possibly after the "equals" symbol, are seeing a message to that effect and can't move past that point... Here's how to fix it without having to start completely over. Enter the following commands from where you are now to go into Single User Mode:

fsck -y
mount -u /
mount -a -t ufs
swapon -a


Now you can edit /etc/rc.conf through EE like before to find the error. Reboot afterwards to continue on.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Linux Foundation Announces New Project “CAMARA – The Telco Global API Alliance� with Global Industry Ecosystem LXer Syndicated Linux News 0 03-01-2022 12:47 PM
Linux executable global and other memory - how to reduce global memory space options uunniixx Linux - Software 2 12-27-2020 04:56 AM
LXer: OpenClinica Global Conference to Bring Together Global Community for Open Sourc LXer Syndicated Linux News 0 01-08-2010 10:50 AM
How to check the cpu utilization on all non global zones from Global Zone rajaniyer123 Solaris / OpenSolaris 3 10-09-2008 01:43 AM
How to share a ZFS file system between a global zone and a non global zone? crisostomo_enrico Solaris / OpenSolaris 7 11-28-2007 08:20 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration