On 09-Nov-98 Kelvin Teh wrote:
> 
> Doesn't changing the password files require special permissions?  If this
> was possible then anyone can hack into Linux systems easily...
> Please tell me if this is possible so that I can take some measures to
> prevent abuse...My Linux box is shared by several users and I do not want
> itchy users to delete my root passwords to put in their own.

Changing the password file should require root permission, but when you boot
from floppy, you are essentially booting up from your own Linux system which is
completely separate from the Linux system on the hard disk. Since the Linux
system that you've booted off the floppy belongs to and is configured by
yourself, therefore you would most certainly have root permission on it. You
could then access the hard disk as a regular partition, mount it in an
appropriate location and modify any of its content.

If you allow direct physical access to your Linux box, certain security
precautions are needed.

First of all, you should set your bios to boot only from the hard disk and
protect the setting with a password. Don't put too much faith on the bios
password protection, it's easily broken (e.g. many Award BIOSes use the default
password of "AWARD_SW"). Search for exploits on your bios before relying on
this, note that most exploits will not work as Linux prevents direct access to
the CMOS I/O port. Completely disabling your floppy may be a more secure option.

To prevent a user from booting Linux in single user mode using the "single" init
argument which can be specified during bootup via lilo, you will need to
password protect the kernel image. Read the man pages "lilo" in section 8 and
"lilo.conf" in section 5. I'm not familiar with this, but you should certainly
allow /etc/lilo.conf to be readable by root only. Or better still, delete the
password listed in the file once you have run lilo.

You should also make sure that the user will not be able to physically open up
your Linux box.

ALL of these three conditions must be met in order to protect your Linux box.
And note that the effectiveness of this solution is limited by the weakest
link. If your bios has a default password, you probably wouldn't need to bother
with the other two procedures.

In case of problems, the administrator of the box can still access the bios
configuration using the bios password and allow bootup from floppy.

A second solution will be to use an encrypted file system. This will prevent an
attacker from reading your files or from modifying your data. Used alone,
it will not prevent an attacker from destroying your data.

Cort
[EMAIL PROTECTED]
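
One way to check the lilo.conf points raised in the message above, as an added example that is not part of the original post. It assumes the `password=` and `restricted` options documented in lilo.conf(5); the function names, the sample file and its `CHANGEME` value are constructed for illustration.

```shell
# Added example (not from the original message): audit a lilo.conf for
# (1) group/other access to the file that holds the boot password, and
# (2) boot entries that no password= line covers.

# Print the label of every image=/other= entry with no global or
# per-entry password= line.
unprotected_images() {
    awk '
    function report() { if (entry != "" && !(global_pw || entry_pw)) print entry }
    /^[ \t]*#/ { next }                       # skip comment lines
    { line = $0; gsub(/[ \t]/, "", line) }    # tolerate "password = x"
    line ~ /^(image|other)=/ { report(); entry = line; entry_pw = 0; next }
    line ~ /^password=/ { if (entry != "") entry_pw = 1; else global_pw = 1 }
    line ~ /^label=/ && entry != "" { entry = substr(line, 7) }
    END { report() }
    ' "$1"
}

# Return 0 if the file passes both checks, 1 otherwise.
audit_lilo_conf() {
    conf=$1; status=0
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
        echo "WARN: $conf is accessible to group/other (expected mode 600)"
        status=1
    fi
    for entry in $(unprotected_images "$conf"); do
        echo "WARN: boot entry $entry is not covered by a password= line"
        status=1
    done
    return $status
}

# Constructed sample: one protected entry, one unprotected entry.
make_sample() {
    cat > "$1" <<'EOF'
boot=/dev/hda
image=/boot/vmlinuz
    label=linux
    password=CHANGEME
    restricted
image=/boot/vmlinuz.old
    label=old
EOF
}

sample=$(mktemp) && make_sample "$sample" && chmod 644 "$sample"
audit_lilo_conf "$sample" || echo "audit failed, as expected for the sample"
rm -f "$sample"
```

The check reads the configuration file, not the installed boot map, so a file from which the password line was deleted after running lilo will be reported as unprotected.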