Tuesday, October 23, 2007

The Planet is Fine

Here is a link that I ran across that has a lot of "Inconvenient" Truths, sorry Al.

Truths

To paraphrase, here is George Carlin laying it out for you.

Thursday, October 11, 2007

Insecure by Default

Guess what, I can walk up to your Ubuntu, PCLinuxOS, Debian, etc. desktop installation and take complete control over it without needing a single password. That's right, root access simply by sitting down at your computer. Why is it that nearly every single distro by default leaves this gaping security hole open? Seriously, it is possible to fix the problem during installation; my personal favorite, Sabayon, asks if you want to password GRUB as part of the installation.

What am I talking about? One simple word: 'single'. That's it. You walk up to nearly every default desktop installation, reboot it, then break the boot cycle when GRUB fires up. If GRUB is not passworded, and the default for almost all installations is that it isn't, you now have the option to grant yourself root access.

On single or multi boot systems, select the installation you want and instead of hitting enter to boot, enter 'e' to edit. Select the boot line with all the kernel options, typically the second, and hit 'e' again. Scroll all the way to the end of the line and add the word 'single'. Hit enter and press 'b' for boot.

The system will now start booting up in what appears to be normal fashion, with one exception: instead of dropping you into the GUI, it will drop you into a CLI with root access automagically granted. From that point on the system is mine. I can change passwords, add users, add background processes such as ftp access or ssh access for myself. Maybe add a hidden user account (not so hidden if you know what you are looking for in /etc/passwd, but you have to know to look at it). In other words, anything.

So I ask again: why, with security being such a given when running Linux, is this hole left open? It is possible to close this after the fact, and it is not difficult at all. Directions on how to accomplish this simple security measure can be found:

http://www.cs.wcupa.edu/~rkline/Linux/grub.html
or
http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=2
(that one includes securing LILO as well)
or
http://www.cyberciti.biz/tips/how-do-i-secure-grub-boot-loader.html

Also, if you happen to screw it up and need to recover from locking your GRUB, you'll need a LiveCD and the directions here, or a little common sense.

http://www.cyberciti.biz/tips/howto-recovering-grub-boot-loader-password.html
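
One way to check that a GRUB legacy config (menu.lst / grub.conf) really closes this hole, as an added example that is not part of the original post: it reports whether a global `password` line protects the entry editor and, going slightly beyond the text, flags entries that already boot with `single` but lack GRUB's `lock` command. The output labels, the `audit_grub` and `sample_menu` names, and the sample menu are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit a GRUB legacy config
# (menu.lst / grub.conf) for the exposure described above.
# Output labels ("editor:", "unlocked-single:") are made up for this example.

audit_grub() {    # usage: audit_grub [FILE]   (reads stdin when FILE is omitted)
    awk '
        function flush() {      # report the entry that just ended
            if (in_entry && single && !locked) print "unlocked-single: " name
        }
        { sub(/^[ \t]+/, "") }              # drop indentation
        /^#/ || /^$/ { next }               # skip comments and blank lines
        $1 == "title" {
            flush(); in_entry = 1; single = locked = 0
            name = $0; sub(/^title[ \t]+/, "", name); next
        }
        # Only a password in the global section (before the first title)
        # locks the entry editor and the GRUB command line.
        !in_entry && $1 == "password" {
            editor = ($2 == "--md5") ? "hashed" : "plaintext"; next
        }
        in_entry && $1 == "lock" { locked = 1 }
        # An entry that already boots single-user needs "lock", otherwise
        # it hands out a root shell without any editing at all.
        in_entry && $1 == "kernel" {
            for (i = 3; i <= NF; i++) if ($i == "single") single = 1
        }
        END { flush(); print "editor: " (editor ? editor : "open") }
    ' "${1:--}"
}

sample_menu() {    # constructed menu.lst; hash and paths are placeholders
    cat <<'EOF'
default 0
timeout 5
password --md5 PLACEHOLDER_HASH
title Linux
    root (hd0,0)
    kernel /boot/vmlinuz root=/dev/sda1 ro quiet
title Linux (recovery mode)
    root (hd0,0)
    kernel /boot/vmlinuz root=/dev/sda1 ro single
title Linux (recovery, locked)
    lock
    root (hd0,0)
    kernel /boot/vmlinuz root=/dev/sda1 ro single
EOF
}

sample_menu | audit_grub
```

A result of `editor: open` means the menu can still be edited without a password; `editor: plaintext` means the password sits readable in the config file.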

So now, what is your excuse for not securing your bootloader from me? How often do you actually have to go in and mess with it or even look at it? Isn't five minutes of your time worth knowing that no one is going to access your system when your back is turned?

Oh did I mention that Sabayon gives you the option to do this as part of the install routine? I did, but this is a good place for a shameless plug for my distro of choice.

~Az