Thanks for all.
On 6/21/06, Peter Landry <[EMAIL PROTECTED]> wrote:
I think that when you've given an attacker physical access to a machine with a root session open, there's not a whole lot OpenBSD (or any OS) can do... The attacker could also, with physical, attach a keystroke logger, unplug your machine, or any number of other bad/humorous things I'm not clever enough to think of -- no matter what OS is running on the system. Hope that allays some of your fears regarding OpenBSD in particular... Peter L. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joco Salvatti Sent: Wednesday, June 21, 2006 1:23 PM To: Misc OpenBSD Subject: Doubts about OpenBSD security. My doubts may seem fool, so thanks in advance for those who will read this e-mail and may help me with my doubts. 1. Why doesn't passwd ask superuser's current password when it's run by the superuser to change its own password? May not it be considered a serious security flaw? 2. Why doesn't the system ask the password, as a default action, to log in the system, when entering in single user mode? May not it also be considered a serious security flaw? And why doesn't exist a different password to log in single user mode, instead of using root's password? An real example: Let's suppose an attacker entered the room where an OpenBSD server is located in, and by mistake the system administrator has forgotten to logout the root login session. So the attacker could enter in single user mode, without the need for the root password, and load a malicious kernel module. He also could do millions of other things, but changing root's password, because the system administrator would notice it immediatelly. I believe it could be more difficult for the attacker if there were a different password to log in the system in single user mode. Thanks for the time wasted reading this e-mail and I'm sorry if my questions are too silly. -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://www.openbsd-pa.org e-mail: [EMAIL PROTECTED]
-- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://www.openbsd-pa.org e-mail: [EMAIL PROTECTED]