PDA

View Full Version : Security Compromise - full Root access


burnsy
1st December 2004, 01:07 PM
I was shocked and quite alarmed when I booted up my computer with a bootable linux CD. I had full read-write access to each partition on the hard drive, including all folders in /home, and even scarier, the /root folder, where I was able to, if I wanted, delete or create whatever I wanted, at will.

I feel that this is a serious issue. At no stage was I prompted for a password. Does this mean that any root user of a bootable distribution (ie: Knoppix and variants) will gain complete access to all "private" data in my Fedora partitions? Ultimately, wouldn't it be expected that there would be at least a PROMPT for a password? Shouldn't there be some form of data encryption to prevent this?

Quella
1st December 2004, 01:20 PM
You can provide your own data encryption if you think this to be a real fear. As has always been the case, if one has physical access to any computer, it is "game over". You could apply a BIOS password (useless also), but such things like this are just a CLUB, and will only drive away the interested. Only strong encryption will help to prevent what you are asking. Boot into single user mode and see all of the stuff you can do to a system without any login.

Quella

vinu
1st December 2004, 01:35 PM
If you have physical access to a computer, there is not much that can stand in the way of a person determined to access your data.

Encryption serves a useful deterrent, but a determined cracker may be able to break it assuming he has enough computing resources (like a government agency, for example.....!!!)

And encryption adds an additional overhead to your linux box.... something you must consider especially if you're running a low spec. desktop or a server with a lot of disk intensive I/O.

But yes, encryption is the best that tool that we possess.... and the effort of breaking encryption just isn't worth the effort for most people who are trying to illegally access data on your computer.

Quella
1st December 2004, 01:37 PM
Well Said Vinu. I fully agree with your points.

Quella

Jman
1st December 2004, 11:02 PM
Your data is private only in the sense that you need a password to log on. Somebody can bypass that if they access the data in a different way.

You don't even need a bootable CD if somebody can change grub to boot into single user mode.

burnsy
2nd December 2004, 12:49 PM
How then am I able to encrypt my data?

Jman
3rd December 2004, 03:32 AM
Found an old encrypted NFS like filesystem (http://www.tcfs.it/index.php) but it's for kernel 2.2. Don't know if there is anything newer.

You only have to worry if anyone you don't trust will be using your computer.

digitalbill
17th December 2004, 07:58 PM
You could spend a million dollars on security messures to secure yout network. If the building mantiance guy with a master key gets bribed to steal your HDD. What good did the security mesures do? Make sure you boxes are physically secure and you wont have to worry about bootable media being inserted.

macemoneta
17th December 2004, 09:54 PM
How then am I able to encrypt my data?

Take a look at the Gnu Privacy Guard (GnuPG) Mini Howto (http://webber.dewinter.com/gnupg_howto/english/GPGMiniHowto.html). It walks you through an explanation of strong encryption, and how you encrypt and decrypt data. Even with physical access, encrypted data is secure.

A large govenment will not spend hundreds of thousands of parallel supercomputer hours to break strong encryption. It's much easier to break parts of your body to get the passphrase. :rolleyes: