Re: Doubts about OpenBSD security.
On Wed, 2006-06-21 at 14:23 -0300, JoC#o Salvatti wrote: Let's suppose an attacker entered the room where an OpenBSD server is located in, and by mistake the system administrator has forgotten to logout the root login session. So the attacker could enter in single user mode, without the need for the root password, and load a malicious kernel module. He also could do millions of other things, but changing root's password, because the system administrator would notice it immediatelly. There isn't much to be done at the operating system level to compensate for a lack of physical security. Asking for the password when it's already circumvented is futile. I believe it could be more difficult for the attacker if there were a different password to log in the system in single user mode. It would just be annoying for untold numbers of OpenBSD sysadmins across the planet, and would not fulfill any real security goal. -- Shawn K. Quinn
Re: Doubts about OpenBSD security.
Just put this line in your /etc/profile : TMOUT=900 So after a while noone clicks anything, it will logout automatically and nobody will have access to your server without knowing the root password . --- Departamento de Soporte Tecnico www.ipv4networks.com InternetWorking Solutions Av. Dr. Honorio Pueyrredon 1694 Tel: (05411)-4586-0134 Fax:(05411)-4585-7550 - Original Message - From: Shawn K. Quinn [EMAIL PROTECTED] To: misc@openbsd.org Sent: Sunday, June 25, 2006 8:58 PM Subject: Re: Doubts about OpenBSD security. On Wed, 2006-06-21 at 14:23 -0300, JoC#o Salvatti wrote: Let's suppose an attacker entered the room where an OpenBSD server is located in, and by mistake the system administrator has forgotten to logout the root login session. So the attacker could enter in single user mode, without the need for the root password, and load a malicious kernel module. He also could do millions of other things, but changing root's password, because the system administrator would notice it immediatelly. There isn't much to be done at the operating system level to compensate for a lack of physical security. Asking for the password when it's already circumvented is futile. I believe it could be more difficult for the attacker if there were a different password to log in the system in single user mode. It would just be annoying for untold numbers of OpenBSD sysadmins across the planet, and would not fulfill any real security goal. -- Shawn K. Quinn
Re: Doubts about OpenBSD security.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi there, Joco Salvatti wrote: 1. Why doesn't passwd ask superuser's current password when it's run by the superuser to change its own password? May not it be considered a serious security flaw? No. If you are already root, you could add easily another user with uid 0. Or do you want to be asked for your root password anytime you use adduser? If so, you could add the user by manually editing the passwd... Generally, if someone is root who shouldn't be root, you're screwed ;) 2. Why doesn't the system ask the password, as a default action, to log in the system, when entering in single user mode? May not it also be considered a serious security flaw? And why doesn't exist a different password to log in single user mode, instead of using root's password? This can be enabled by changing /etc/ttys However, single user mode usually requires physical access to your box, but let's see your real world example... An real example: Let's suppose an attacker entered the room where an OpenBSD server is located in, and by mistake the system administrator has forgotten to logout the root login session. So the attacker could enter in single user mode, without the need for the root password, and load a malicious kernel module. He also could do millions of other things, but changing root's password, because the system administrator would notice it immediatelly. So? If your servers are not physically secure, there's not much the OS can do about. If an attacker could enter the room of your servers, he could easily reboot the box and boot of a floppy or cdrom into some live system (OpenBSD live CD, knoppix, whatever) and from there mount your disc and install it's evil evil additional software into your openbsd installation. Forget it. If your servers are not physically secure, you do have a huge security problem (which is not OpenBSD related). I believe it could be more difficult for the attacker if there were a different password to log in the system in single user mode. No. Not if the attacker is physically in front of the box... regards, Marian iD8DBQFEmjHugAq87Uq5FMsRAlixAKCsuf3TzGum0OlNXxe9V7xCqCWTbgCfZK7Y aPwVHe5F7HXyeflp/aMYNHs= =bf7g -END PGP SIGNATURE-
Re: Doubts about OpenBSD security.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Don Boling wrote: Wouldn't this be the main reason to use sudo? Not at all. If your box is not physically secure, even sudo wouldn't prevent an attacker of joking around with your server... Use sudo anyways, but keep your servers physically secure. ./Marian PS.: Please do not Top Post. http://en.wikipedia.org/wiki/Top-posting iD8DBQFEmjPlgAq87Uq5FMsRAmy4AJ9MRRuC4+plqCzKWNptg4kQz69v7QCfSry8 mPV+ojceHJF0seyDJVNfxWo= =J6LF -END PGP SIGNATURE-
Re: Doubts about OpenBSD security.
On 21/06/06, Joco Salvatti [EMAIL PROTECTED] wrote: So the attacker could enter in single user mode, without the need for the root password, and load a malicious kernel module. The attacker cannot load a malicious kernel module on OpenBSD, because OpenBSD specifically does not support loadable kernel modules for good. :)
Re: Doubts about OpenBSD security.
On Thu, Jun 22, 2006 at 01:04:00PM +0100, Constantine A. Murenin wrote: On 21/06/06, Joco Salvatti [EMAIL PROTECTED] wrote: So the attacker could enter in single user mode, without the need for the root password, and load a malicious kernel module. The attacker cannot load a malicious kernel module on OpenBSD, because OpenBSD specifically does not support loadable kernel modules for good. :) Oh yeah? I guess I must be imagining things when I start vmware :-) anchovy1:~$ uname -a OpenBSD anchovy.countersiege.com 3.9 GENERIC#58 i386 anchovy1:~$ modstat Type Id Off Loadaddr Size Info Rev Module Name DEV 0 29 e8d01000 0001 e8d01220 2 linuxrtc DEV 1 30 e8d7b000 0005 e8d7f300 2 vmmon DEV 2 31 e8dfa000 0002 e8dfbce0 2 vmnet
Re: Doubts about OpenBSD security.
On Thu, Jun 22, 2006 at 01:04:00PM +0100, Constantine A. Murenin wrote: On 21/06/06, Joco Salvatti [EMAIL PROTECTED] wrote: So the attacker could enter in single user mode, without the need for the root password, and load a malicious kernel module. The attacker cannot load a malicious kernel module on OpenBSD, because OpenBSD specifically does not support loadable kernel modules for good. :) Actually, it does - but only at securelevel 0. Joachim
Re: Doubts about OpenBSD security.
2006/6/21, Joco Salvatti [EMAIL PROTECTED]: Let's suppose an attacker entered the room where an OpenBSD server is located in, and by mistake the system administrator has forgotten to logout the root login session. http://www.darkwing.com/idled/ So the attacker could enter in single user mode, without the need for the root password, /etc/ttys: - console /usr/libexec/getty Pc vt220 off secure + console /usr/libexec/getty Pc vt220 off insecure I believe it could be more difficult for the attacker if there were a different password to log in the system in single user mode. create a new user admin, with same uid/gid of root. change root shell to /sbin/nologin root will login only from single user with a password in normal administration you can `su - admin' with a different password from root. and, about load kernel modules: securelevel(7) -- Cris, member of G.U.F.I Italian FreeBSD User Group http://www.gufi.org/
Re: Doubts about OpenBSD security.
On 22/06/06, Ryan McBride [EMAIL PROTECTED] wrote: On Thu, Jun 22, 2006 at 01:04:00PM +0100, Constantine A. Murenin wrote: On 21/06/06, Joco Salvatti [EMAIL PROTECTED] wrote: So the attacker could enter in single user mode, without the need for the root password, and load a malicious kernel module. The attacker cannot load a malicious kernel module on OpenBSD, because OpenBSD specifically does not support loadable kernel modules for good. :) Oh yeah? I guess I must be imagining things when I start vmware :-) anchovy1:~$ uname -a OpenBSD anchovy.countersiege.com 3.9 GENERIC#58 i386 anchovy1:~$ modstat Type Id Off Loadaddr Size Info Rev Module Name DEV 0 29 e8d01000 0001 e8d01220 2 linuxrtc DEV 1 30 e8d7b000 0005 e8d7f300 2 vmmon DEV 2 31 e8dfa000 0002 e8dfbce0 2 vmnet Oops. :) I guess I misunderstood http://en.wikipedia.org/wiki/Comparison_of_open_source_operating_systems where Kernel type refers solely to the provided kernel of the OS itself, not of the OS features that may be (ab)used by some third-party modules...
Re: Doubts about OpenBSD security.
On 6/22/06, Constantine A. Murenin [EMAIL PROTECTED] wrote: Oops. :) I guess I misunderstood http://en.wikipedia.org/wiki/Comparison_of_open_source_operating_systems where Kernel type refers solely to the provided kernel of the OS itself, not of the OS features that may be (ab)used by some third-party modules... i think you misunderstood the definition of accuracy used by wikipedia. :)
Re: Doubts about OpenBSD security.
On 22/06/06, Ted Unangst [EMAIL PROTECTED] wrote: On 6/22/06, Constantine A. Murenin [EMAIL PROTECTED] wrote: Oops. :) I guess I misunderstood http://en.wikipedia.org/wiki/Comparison_of_open_source_operating_systems where Kernel type refers solely to the provided kernel of the OS itself, not of the OS features that may be (ab)used by some third-party modules... i think you misunderstood the definition of accuracy used by wikipedia. :) As we speak, someone who reads misc@ and edits en.wikipedia.org has corrected the issue. :) http://en.wikipedia.org/w/index.php?title=Comparison_of_open_source_operating_systemsdiff=60026322oldid=59563156
Re: Doubts about OpenBSD security.
On 6/22/06, Constantine A. Murenin [EMAIL PROTECTED] wrote: On 22/06/06, Ted Unangst [EMAIL PROTECTED] wrote: On 6/22/06, Constantine A. Murenin [EMAIL PROTECTED] wrote: Oops. :) I guess I misunderstood http://en.wikipedia.org/wiki/Comparison_of_open_source_operating_systems where Kernel type refers solely to the provided kernel of the OS itself, not of the OS features that may be (ab)used by some third-party modules... i think you misunderstood the definition of accuracy used by wikipedia. :) As we speak, someone who reads misc@ and edits en.wikipedia.org has corrected the issue. :) http://en.wikipedia.org/w/index.php?title=Comparison_of_open_source_operating_systemsdiff=60026322oldid=59563156 sweet, more lies. what prevents me from using lkm on powerpc again?
Doubts about OpenBSD security.
My doubts may seem fool, so thanks in advance for those who will read this e-mail and may help me with my doubts. 1. Why doesn't passwd ask superuser's current password when it's run by the superuser to change its own password? May not it be considered a serious security flaw? 2. Why doesn't the system ask the password, as a default action, to log in the system, when entering in single user mode? May not it also be considered a serious security flaw? And why doesn't exist a different password to log in single user mode, instead of using root's password? An real example: Let's suppose an attacker entered the room where an OpenBSD server is located in, and by mistake the system administrator has forgotten to logout the root login session. So the attacker could enter in single user mode, without the need for the root password, and load a malicious kernel module. He also could do millions of other things, but changing root's password, because the system administrator would notice it immediatelly. I believe it could be more difficult for the attacker if there were a different password to log in the system in single user mode. Thanks for the time wasted reading this e-mail and I'm sorry if my questions are too silly. -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://www.openbsd-pa.org e-mail: [EMAIL PROTECTED]
Re: Doubts about OpenBSD security.
My doubts may seem fool, so thanks in advance for those who will read this e-mail and may help me with my doubts. 1. Why doesn't passwd ask superuser's current password when it's run by the superuser to change its own password? May not it be considered a serious security flaw? Oh come on. Are you serious? Why ask for the old password when that same user can just rm -rf / 2. Why doesn't the system ask the password, as a default action, to log in the system, when entering in single user mode? May not it also be considered a serious security flaw? And why doesn't exist a different password to log in single user mode, instead of using root's password? This can be changed very easily by removing the keyword secure from the console line in /etc/ttys For now, we ship with it open for the root password by default, because too many people want it so.
Re: Doubts about OpenBSD security.
Joco Salvatti [EMAIL PROTECTED] wrote: 1. Why doesn't passwd ask superuser's current password when it's run by the superuser to change its own password? May not it be considered a serious security flaw? No, it may not. Why would that matter at all? 2. Why doesn't the system ask the password, as a default action, to log in the system, when entering in single user mode? May not it also be considered a serious security flaw? And why doesn't exist a different password to log in single user mode, instead of using root's password? If the local console is not secure, then remove the secure flag from it in /etc/ttys. This still doesn't do much, people can just boot some other media and then do whatever they want to your openbsd install if the machine is not physically secured. Adam
Re: Doubts about OpenBSD security.
Joco Salvatti wrote: Let's suppose an attacker entered the room where an OpenBSD server is located in, and by mistake the system administrator has forgotten to logout the root login session. So the attacker could enter in single user mode, without the need for the root password, and load a malicious kernel module. He also could do millions of other things, but changing root's password, because the system administrator would notice it immediatelly. I believe it could be more difficult for the attacker if there were a different password to log in the system in single user mode. He can also boot from cdrom or usb and then install everything you described. He can also remove the hard drive and mount it in a laptop. He can install a hardware key logger. etc. Nonce someone has physical access, all is lost with current hardware. Cheers, Dries
Re: Doubts about OpenBSD security.
On 6/21/06, Joco Salvatti [EMAIL PROTECTED] wrote: Let's suppose an attacker entered the room where an OpenBSD server is why didn't you lock the door? located in, and by mistake the system administrator has forgotten to logout the root login session. So the attacker could enter in single user mode, without the need for the root password, and load a malicious kernel module. He also could do millions of other things, but changing root's password, because the system administrator would notice it immediatelly. I believe it could be more difficult for the attacker if there were a different password to log in the system in single user mode. or the attacker could take his super 1337 hax0rix0ragizzlerotfl usb key out of his pocket, plug it in, and boot from that. really, it's very simple: if you don't control access to the server, you don't control the server.
Re: Doubts about OpenBSD security.
On Wed, Jun 21, 2006 at 02:23:20PM -0300, Joco Salvatti wrote: My doubts may seem fool, so thanks in advance for those who will read this e-mail and may help me with my doubts. 1. Why doesn't passwd ask superuser's current password when it's run by the superuser to change its own password? May not it be considered a serious security flaw? Root could easily get around such a thing, being root and all. Don't log in as root. If you must log in as root, don't when someone else can walk up and change the root password. 2. Why doesn't the system ask the password, as a default action, to log in the system, when entering in single user mode? May not it also be considered a serious security flaw? And why doesn't exist a different password to log in single user mode, instead of using root's password? If you have physical access to the computer then you literally own it. You can pop out the disk and put in into another computer. You can pour vodka into the machine. If you can't physically secure your important computers then you are not secure. Period. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: Doubts about OpenBSD security.
Thanks for all. On 6/21/06, Peter Landry [EMAIL PROTECTED] wrote: I think that when you've given an attacker physical access to a machine with a root session open, there's not a whole lot OpenBSD (or any OS) can do... The attacker could also, with physical, attach a keystroke logger, unplug your machine, or any number of other bad/humorous things I'm not clever enough to think of -- no matter what OS is running on the system. Hope that allays some of your fears regarding OpenBSD in particular... Peter L. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joco Salvatti Sent: Wednesday, June 21, 2006 1:23 PM To: Misc OpenBSD Subject: Doubts about OpenBSD security. My doubts may seem fool, so thanks in advance for those who will read this e-mail and may help me with my doubts. 1. Why doesn't passwd ask superuser's current password when it's run by the superuser to change its own password? May not it be considered a serious security flaw? 2. Why doesn't the system ask the password, as a default action, to log in the system, when entering in single user mode? May not it also be considered a serious security flaw? And why doesn't exist a different password to log in single user mode, instead of using root's password? An real example: Let's suppose an attacker entered the room where an OpenBSD server is located in, and by mistake the system administrator has forgotten to logout the root login session. So the attacker could enter in single user mode, without the need for the root password, and load a malicious kernel module. He also could do millions of other things, but changing root's password, because the system administrator would notice it immediatelly. I believe it could be more difficult for the attacker if there were a different password to log in the system in single user mode. Thanks for the time wasted reading this e-mail and I'm sorry if my questions are too silly. -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://www.openbsd-pa.org e-mail: [EMAIL PROTECTED] -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://www.openbsd-pa.org e-mail: [EMAIL PROTECTED]
Re: Doubts about OpenBSD security.
* Joco Salvatti [EMAIL PROTECTED] [2006-06-21 11:38]: My doubts may seem fool, so thanks in advance for those who will read this e-mail and may help me with my doubts. 1. Why doesn't passwd ask superuser's current password when it's run by the superuser to change its own password? May not it be considered a serious security flaw? No. you're already root. You can also do: vipw cat /etc/master.passwd | sed s/root:.+:/root::/ /tmp/shit mv /tmp/shit /etc/master.passwd pwd_mkdb etc. etc. etc. 2. Why doesn't the system ask the password, as a default action, to log in the system, when entering in single user mode? May not it also be considered a serious security flaw? And why doesn't exist a different password to log in single user mode, instead of using root's password? No, because if you have single user mode you have physical access to the machine. if I have physical access to the machine I can plug in the usb key around my neck, boot the system on it instead, mount your disk and do the above from case one. An real example: Let's suppose an attacker entered the room where an OpenBSD server is located in, and by mistake the system administrator has forgotten to logout the root login session. So the attacker could enter in single user mode, without the need for the root password, and load a malicious kernel module. He also could do millions of other things, but changing root's password, because the system administrator would notice it immediatelly. I believe it could be more difficult for the attacker if there were a different password to log in the system in single user mode. No, because even if you didn't forget to log out, read the above. If I have physical access to your machine, you are fucked. it's that simple. I don't need to have you logged in as root to get single user - I simply hit the power button, and boot single user, or boot up the usb key/cdrom/floppy/zaurus-set-up-as-a-boot-server-in-me-pocket that is in my pocket, which I already have root and all the malicious shit I want on it and can copy on to your disk. And face it, your machine's bios is *not* openbsd and is *not* secure. period. IMNSHO, a root password for single user makes the system *LESS* secure, and I'm dead serious. I would object to any attempt to commit changes to OpenBSD to have one by default. Why? Real simple: *because you asked this question*. - Now I'm not just crapping on you, every new sysadmin I know asks this. The point is, if OpenBSD put a root password on single user, you might be tempted to think that somehow, someway, a not-physically secured machine was secure, and be tempted to deploy it that way. And don't laugh, I've seen the assumption made (I work at a university). My point is that putting security measures in place that do not do anything because of equivalent access make people believe that they *do* do something, and therefore people make incorrect assumptions and do things insecurely. Physical access is everything highness. Anyone who says differently is selling something. -Bob
Re: Doubts about OpenBSD security.
That's why I always hardware hack my servers with a fragmentation grenade. And, for good measure, anti-personnel mines underneath the raised flooring. On 6/21/06, Dries Schellekens [EMAIL PROTECTED] wrote: Nonce someone has physical access, all is lost with current hardware. -- Try to do nothing for money that you wouldn't do for free. --Paul Krassner
Re: Doubts about OpenBSD security.
Joco Salvatti [EMAIL PROTECTED] wrote: Let's suppose an attacker entered the room where an OpenBSD server is located in, Most would argue that at this point you've already lost the security game. So the attacker could enter in single user mode, without the need for the root password, He could also boot off of removable media with any OS that has support for FFS, mount your partitions, and copy over or change any file he wishes. Of if it is a typically-sized micro, he can just leave with it. Or if it's a vax, he may ride away with it (http://buscaluz.org/photos/Misc/vax.png). Computer security has to include physical security, too. -mj
Re: Doubts about OpenBSD security.
On 6/21/06, Gabriel Puliatti [EMAIL PROTECTED] wrote: On 6/21/06, Theo de Raadt [EMAIL PROTECTED] wrote: My doubts may seem fool, so thanks in advance for those who will read this e-mail and may help me with my doubts. 1. Why doesn't passwd ask superuser's current password when it's run by the superuser to change its own password? May not it be considered a serious security flaw? Oh come on. Are you serious? Why ask for the old password when that same user can just rm -rf / Besides, by the time you get root, you already have complete control of the system. Do you really need to be protected from the attacker doing something that will only nag, since the system is compromised already?
Re: Doubts about OpenBSD security.
Joco Salvatti wrote: My doubts may seem fool, so thanks in advance for those who will read this e-mail and may help me with my doubts. 1. Why doesn't passwd ask superuser's current password when it's run by the superuser to change its own password? May not it be considered a serious security flaw? This would not really improve security. Given access as root, an attacker could simply delete the master password file and create a new one to effect the same thing. 2. Why doesn't the system ask the password, as a default action, to log in the system, when entering in single user mode? May not it also be considered a serious security flaw? And why doesn't exist a different password to log in single user mode, instead of using root's password? The /etc/ttys file controls this. The console may be either secure or insecure. It the console is secure then physical access controls are assumed. If insecure, password authentication is required. Physically secure siting of the computer is necessary. Otherwise, for example, the disk could be removed, modified, and replaced. The question is whether or not the console is also physically secured. -- John R. Shannon
Re: Doubts about OpenBSD security.
I think that when you've given an attacker physical access to a machine with a root session open, there's not a whole lot OpenBSD (or any OS) can do... The attacker could also, with physical, attach a keystroke logger, unplug your machine, or any number of other bad/humorous things I'm not clever enough to think of -- no matter what OS is running on the system. Hope that allays some of your fears regarding OpenBSD in particular... Peter L. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joco Salvatti Sent: Wednesday, June 21, 2006 1:23 PM To: Misc OpenBSD Subject: Doubts about OpenBSD security. My doubts may seem fool, so thanks in advance for those who will read this e-mail and may help me with my doubts. 1. Why doesn't passwd ask superuser's current password when it's run by the superuser to change its own password? May not it be considered a serious security flaw? 2. Why doesn't the system ask the password, as a default action, to log in the system, when entering in single user mode? May not it also be considered a serious security flaw? And why doesn't exist a different password to log in single user mode, instead of using root's password? An real example: Let's suppose an attacker entered the room where an OpenBSD server is located in, and by mistake the system administrator has forgotten to logout the root login session. So the attacker could enter in single user mode, without the need for the root password, and load a malicious kernel module. He also could do millions of other things, but changing root's password, because the system administrator would notice it immediatelly. I believe it could be more difficult for the attacker if there were a different password to log in the system in single user mode. Thanks for the time wasted reading this e-mail and I'm sorry if my questions are too silly. -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://www.openbsd-pa.org e-mail: [EMAIL PROTECTED]
Re: Doubts about OpenBSD security.
Wouldn't this be the main reason to use sudo? On 6/21/06, Joco Salvatti [EMAIL PROTECTED] wrote: Thanks for all. On 6/21/06, Peter Landry [EMAIL PROTECTED] wrote: I think that when you've given an attacker physical access to a machine with a root session open, there's not a whole lot OpenBSD (or any OS) can do... The attacker could also, with physical, attach a keystroke logger, unplug your machine, or any number of other bad/humorous things I'm not clever enough to think of -- no matter what OS is running on the system. Hope that allays some of your fears regarding OpenBSD in particular... Peter L. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joco Salvatti Sent: Wednesday, June 21, 2006 1:23 PM To: Misc OpenBSD Subject: Doubts about OpenBSD security. My doubts may seem fool, so thanks in advance for those who will read this e-mail and may help me with my doubts. 1. Why doesn't passwd ask superuser's current password when it's run by the superuser to change its own password? May not it be considered a serious security flaw? 2. Why doesn't the system ask the password, as a default action, to log in the system, when entering in single user mode? May not it also be considered a serious security flaw? And why doesn't exist a different password to log in single user mode, instead of using root's password? An real example: Let's suppose an attacker entered the room where an OpenBSD server is located in, and by mistake the system administrator has forgotten to logout the root login session. So the attacker could enter in single user mode, without the need for the root password, and load a malicious kernel module. He also could do millions of other things, but changing root's password, because the system administrator would notice it immediatelly. I believe it could be more difficult for the attacker if there were a different password to log in the system in single user mode. Thanks for the time wasted reading this e-mail and I'm sorry if my questions are too silly. -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://www.openbsd-pa.org e-mail: [EMAIL PROTECTED] -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://www.openbsd-pa.org e-mail: [EMAIL PROTECTED]
Re: Doubts about OpenBSD security.
Quoting Jared Solomon [EMAIL PROTECTED]: That's why I always hardware hack my servers with a fragmentation grenade. And, for good measure, anti-personnel mines underneath the raised flooring. I prefer to have the doors automatically locked and then have the halon deployed. Much cleaner. ; ) This email was sent from Netspace Webmail: http://www.netspace.net.au
Re: Doubts about OpenBSD security.
On Wed, Jun 21, 2006 at 11:54:37AM -0600, Bob Beck wrote: IMNSHO, a root password for single user makes the system *LESS* secure, and I'm dead serious. I would object to any attempt to commit changes to OpenBSD to have one by default. Why? Real simple: *because you asked this question*. - Now I'm not just crapping on you, every new sysadmin I know asks this. The point is, if OpenBSD put a root password on single user, you might be tempted to think that somehow, someway, a not-physically secured machine was secure, and be tempted to deploy it that way. For those that don't know, many Linux distros do require a password for single user mode, so this question will be asked again many people migrating to OpenBSD. As an example of physical security, when I was a lowly tech support operator at an ISP and worked alone in the data centre at weekends: I got into the habbit of hitting the w key when ever I logged onto a box via ssh, one day I found that the technical director had logged onto the 4th console of a server as himself, and then su'd to root, then went home. Natrually, I hooked the keyboard back up, got the 4th console and played about for a few hours, reading his mail, etc, etc. Oh, those were the days.. Cheers, -- Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
Re: Doubts about OpenBSD security.
Bob Beck wrote: ... IMNSHO, a root password for single user makes the system *LESS* secure, and I'm dead serious. I would object to any attempt to commit changes to OpenBSD to have one by default. Why? Real simple: *because you asked this question*. - Now I'm not just crapping on you, every new sysadmin I know asks this. The point is, if OpenBSD put a root password on single user, you might be tempted to think that somehow, someway, a not-physically secured machine was secure, and be tempted to deploy it that way. And don't laugh, I've seen the assumption made (I work at a university). My point is that putting security measures in place that do not do anything because of equivalent access make people believe that they *do* do something, and therefore people make incorrect assumptions and do things insecurely. Physical access is everything highness. Anyone who says differently is selling something. -Bob Here's another example: My boss feels that it is important that he have a list of administrative passwords to all servers in our company. Now, call me no fun, but the idea of a password for the perimeter security firewalls sitting in an Excel spreadsheet on a laptop he selected because it was small and expensive and he likes to carry around to impress people scares the hell out of me..and thus, the PWs are not there. Now, he's got a point...yes, we have multiple administrators, but we are friends outside of work, so we are not infrequently in the same place at the same time, so the possibility of us both being killed in the same Celtic Music Riot or explosion of the same Mongolian Grill can't be discounted. If something happens to both of us, someone will need to be able to get into those systems. So...I just wrote up and showed him (and had him try) the lost my PW process in the FAQ, and had him force the root PW. And he was satisfied (other than the look on his face that seemed to be slightly pissed that I was denying him something he wanted, even though he knows I satisfied the goal of the demand he made). NOW...if we had something that had some kind of master password that was required even with physical access, we'd probably have to have either created an unused account for him (bad idea) or recorded a master password on his magic Excel spreadsheet (another bad idea). I don't think that would have improved security one bit. Sometimes, you got to make it easy to get in in a controlled way to make it harder for the wrong people to get in in a less controlled way. Nick.
Re: Doubts about OpenBSD security.
Nick Holland wrote: Bob Beck wrote: ... IMNSHO, a root password for single user makes the system *LESS* secure, and I'm dead serious. I would object to any attempt to commit changes to OpenBSD to have one by default. Why? Real simple: *because you asked this question*. - Now I'm not just crapping on you, every new sysadmin I know asks this. The point is, if OpenBSD put a root password on single user, you might be tempted to think that somehow, someway, a not-physically secured machine was secure, and be tempted to deploy it that way. And don't laugh, I've seen the assumption made (I work at a university). My point is that putting security measures in place that do not do anything because of equivalent access make people believe that they *do* do something, and therefore people make incorrect assumptions and do things insecurely. Physical access is everything highness. Anyone who says differently is selling something. -Bob Here's another example: My boss feels that it is important that he have a list of administrative passwords to all servers in our company. Now, call me no fun, but the idea of a password for the perimeter security firewalls sitting in an Excel spreadsheet on a laptop he selected because it was small and expensive and he likes to carry around to impress people scares the hell out of me..and thus, the PWs are not there. Now, he's got a point...yes, we have multiple administrators, but we are friends outside of work, so we are not infrequently in the same place at the same time, so the possibility of us both being killed in the same Celtic Music Riot or explosion of the same Mongolian Grill can't be discounted. If something happens to both of us, someone will need to be able to get into those systems. So...I just wrote up and showed him (and had him try) the lost my PW process in the FAQ, and had him force the root PW. And he was satisfied (other than the look on his face that seemed to be slightly pissed that I was denying him something he wanted, even though he knows I satisfied the goal of the demand he made). NOW...if we had something that had some kind of master password that was required even with physical access, we'd probably have to have either created an unused account for him (bad idea) or recorded a master password on his magic Excel spreadsheet (another bad idea). I don't think that would have improved security one bit. Sometimes, you got to make it easy to get in in a controlled way to make it harder for the wrong people to get in in a less controlled way. Nick. ?? odds the laptop winds up on eBay, drive intact ??