rutski89 Guru
Joined: 14 Mar 2005 Posts: 468 Location: United States N.Y.
Posted: Thu Apr 14, 2005 2:17 am Post subject: Regular User Can Restart!?

Accidentally pushing ctrl+alt+del on my regular user, "Pat", caused my computer to restart! What's up... is this right? It can't be, at least I know that I wouldn't want regular users to restart my system if I was running a server?
_________________ << ^ | ~ >>
moocha Watchman
Joined: 21 Oct 2003 Posts: 5722
Posted: Thu Apr 14, 2005 2:30 am Post subject: Re: Regular User Can Restart!?

rutski89 wrote: | Accidentally pushing ctrl+alt+del on my regular user, "Pat", caused my computer to restart! What's up... is this right? |
Yes. That behavior is by design.
rutski89 wrote: | It can't be, at least I know that I wouldn't want regular users to restart my system if I was running a server? |
If you're giving untrusted users access to the physical console on a server, they can do whatever they like anyway, so them rebooting it is the least of your worries. Any machine that is physically accessible to untrusted users must be considered to be compromised from the start.
_________________ Military Commissions Act of 2006: http://tinyurl.com/jrcto
"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin
ctt Tux's lil' helper
Joined: 05 Feb 2005 Posts: 136
Posted: Thu Apr 14, 2005 2:32 am Post subject: Re: Regular User Can Restart!?

rutski89 wrote: | Accidentally pushing ctrl+alt+del on my regular user, "Pat", caused my computer to restart! What's up... is this right? It can't be, at least I know that I wouldn't want regular users to restart my system if I was running a server? |
It's not that big a concern, once you put things into perspective. When someone has physical access to your `server', many things are possible, including turning off the computer (yanking the plug, or hitting the power button); rebooting (the reset button, as well as CTRL+ALT+DEL, and SYSRQ, if enabled); mounting denial of service attacks (removing network plugs); and even acquiring root privileges (well, if you failed to enable a BIOS password, lock the boot order, and secure LILO sufficiently).
Although there are ways to prevent most of these problems, your best bet is to have your dedicated server physically locked away somewhere.
_________________ - chris
moocha Watchman
Joined: 21 Oct 2003 Posts: 5722
Posted: Thu Apr 14, 2005 2:39 am Post subject: Re: Regular User Can Restart!?

ctt wrote: | and even acquiring root privileges (well, if you failed to enable a BIOS password, lock the boot order, and secure LILO sufficiently). |
Even doing all that is worth exactly nothing for a physically accessible machine. Example of a very simple and always effective worst case attack:
- Acquire screwdriver.
- Open victim system's case.
- Remove hard drive(s).
- Place said hard drive(s) into attacker's system.
- Mount the victim file systems.
- Modify file systems as desired, including BIOS log manipulation software (if the server provides such a thing).
- Replace hard drive(s) into victim server.
- Boot the (now compromised) victim machine.
- Clear BIOS event log and case open status (if appropriate).
- Do whatever you want with the victim machine.
That, of course, will likely fail for fully encrypted file systems, but that implies someone with proper (hardware-based) credentials must be physically present every time the server is power-cycled or rebooted, and in that case said person probably has thought the security policy through a bit better anyway, thus rendering the issue moot.
There is simply no way to secure a physically accessible machine, period.
_________________ Military Commissions Act of 2006: http://tinyurl.com/jrcto
"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin
rutski89 Guru
Joined: 14 Mar 2005 Posts: 468 Location: United States N.Y.
Posted: Thu Apr 14, 2005 3:22 am Post subject:

I see. It was just a general question. Thanks for the info, taught me a good bit about security.
P.S. Where's your cute doggie avatar, moocha? Or was that not you?
_________________ << ^ | ~ >>
ctt Tux's lil' helper
Joined: 05 Feb 2005 Posts: 136
Posted: Thu Apr 14, 2005 3:22 am Post subject: Re: Regular User Can Restart!?

moocha wrote: | ctt wrote: | and even acquiring root privileges (well, if you failed to enable a BIOS password, lock the boot order, and secure LILO sufficiently). | Even doing all that is worth exactly nothing for a physically accessible machine. Example of a very simple and always effective worst case attack:
- Acquire screwdriver.
- Open victim system's case.
- Remove hard drive(s).
- Place said hard drive(s) into attacker's system.
- Mount the victim file systems.
- Modify file systems as desired, including BIOS log manipulation software (if the server provides such a thing).
- Replace hard drive(s) into victim server.
- Boot the (now compromised) victim machine.
- Clear BIOS event log and case open status (if appropriate).
- Do whatever you want with the victim machine.
That, of course, will likely fail for fully encrypted file systems, but that implies someone with proper (hardware-based) credentials must be physically present every time the server is power-cycled or rebooted, and in that case said person probably has thought the security policy through a bit better anyway, thus rendering the issue moot.
There is simply no way to secure a physically accessible machine, period. |
Why can't we go back to the good old days when almost every case you could get had some sort of keyed locking mechanism on it (screwdriver --> saw, and add `buy a new identical case' to the list of steps... I know). I wouldn't go so far as to say that it is impossible to properly secure a machine to which someone has physical keyboard access, but it's just way too much effort, whereas just removing the need for physical access would yield similar results.
_________________ - chris
moocha Watchman
Joined: 21 Oct 2003 Posts: 5722
Posted: Thu Apr 14, 2005 3:27 am Post subject:

rutski89 wrote: | I see. It was just a general question. Thanks for the info, taught me a good bit about security. |
World's a better place then, in a small way.
rutski89 wrote: | P.S. Where's your cute doggie avatar, moocha? Or was that not you? |
Nah, mine used to be the newspaper reading guy sitting on the toilet. I removed it since I grew a bit tired of carrying an avatar around (cutesy at first, but pointless in the long run) and of causing one additional HTTP request for everyone viewing any of my posts. Ain't I a nice guy?
_________________ Military Commissions Act of 2006: http://tinyurl.com/jrcto
"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin
moocha Watchman
Joined: 21 Oct 2003 Posts: 5722
Posted: Thu Apr 14, 2005 3:29 am Post subject: Re: Regular User Can Restart!?

ctt wrote: | Why can't we go back to the good old days when almost every case you could get had some sort of keyed locking mechanism on it (screwdriver --> saw, and add `buy a new identical case' to the list of steps... I know). I wouldn't go so far as to say that it is impossible to properly secure a machine to which someone has physical keyboard access, but it's just way too much effort, whereas just removing the need for physical access would yield similar results. |
Very true, and I freely admit mine was somewhat of an, ahem, over-the-top example. Security is about minimizing risk exposure, not eliminating risk (since eliminating risk is of course impossible in the general case - a la "what if all of the elementary particles that make up the Earth suddenly decide to go into different directions, all at the same time?"). Wouldn't make much sense in spending 10 times more on security than the data or the service availability is actually worth.
_________________ Military Commissions Act of 2006: http://tinyurl.com/jrcto
"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin
MadEgg l33t
Joined: 06 Jun 2002 Posts: 678 Location: Netherlands
Posted: Thu Apr 14, 2005 9:51 am Post subject:

But if you really want to, you can still disable ctrl+alt+del by commenting out the following line defining it in /etc/inittab... You'll probably also need to change permissions on /sbin/halt and /sbin/shutdown to completely prevent users from soft-rebooting the machine. Changing permissions obviously also makes ctrl+alt+del malfunction, since that invokes shutdown.
But as said before, it's not going to be your first priority, and even if you do change the permissions, the system can still be rebooted by compiling a program that does the same as /sbin/shutdown (the shutdown program itself, for example, since the source code is available anyway); the system calls that do perform the reboot can be invoked by normal users as well. You'll probably need to hack the kernel to fix that.
Code:
ca:12345:ctrlaltdel:/sbin/shutdown -r now
_________________ Pentium 4 Prescott 3,2 GHz
Asus P4P800 SE, i865PE chipset
1024 MB PC3200 RAM
AOpen Aeolus GeForce 6800 Ultra 256 MB DDR2
Creative Audigy2 ZS
gentoo-sources-2.6.20-r7
nVidia-drivers version 9755
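The two controls MadEgg's post mentions (the ctrlaltdel entry in /etc/inittab and the mode bits on /sbin/shutdown) can be audited with a short script. The one below is an added example, not code from the thread; it assumes the SysV init inittab format id:runlevels:action:process, and it reads a constructed inittab and a stand-in shutdown binary in a temp directory rather than touching the live system.

```shell
#!/bin/sh
# Added example, not from the thread: audit the ctrl+alt+del binding and the
# shutdown binary permissions MadEgg refers to, on a constructed inittab copy.

# Print the process bound to the "ctrlaltdel" action in the given inittab file.
# Returns 0 when an active (uncommented) binding exists, 1 when ctrl+alt+del
# is disabled. inittab lines have the form id:runlevels:action:process.
inittab_cad_action() {
    awk -F: '
        /^[ \t]*#/ { next }                    # commented-out entry: ignore
        $3 == "ctrlaltdel" {
            sub(/^[^:]*:[^:]*:[^:]*:/, "")     # drop id, runlevels, action
            print
            found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Returns 0 when the path is executable by "other" (any local user can run
# it), 1 otherwise. find -perm -001 is used because stat(1) flags differ
# between GNU and BSD.
world_executable() {
    [ -n "$(find "$1" -prune -perm -001 -print 2>/dev/null)" ]
}

# Demo on a constructed inittab (hypothetical paths under a temp dir).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/inittab" <<'EOF'
id:3:initdefault:
ca:12345:ctrlaltdel:/sbin/shutdown -r now
c1:12345:respawn:/sbin/agetty 38400 tty1 linux
EOF
    printf 'ctrlaltdel -> '; inittab_cad_action "$dir/inittab" || echo '(disabled)'
    # Hardened form from the post: comment the line out.
    sed 's/^ca:/#ca:/' "$dir/inittab" > "$dir/inittab.hardened"
    printf 'hardened   -> '; inittab_cad_action "$dir/inittab.hardened" || echo '(disabled)'

    # Stand-in for /sbin/shutdown: 0755 versus 0750.
    touch "$dir/shutdown"
    chmod 755 "$dir/shutdown"
    world_executable "$dir/shutdown" && echo 'mode 755: any user may run it'
    chmod 750 "$dir/shutdown"
    world_executable "$dir/shutdown" || echo 'mode 750: restricted to root/group'
    rm -rf "$dir"
}
demo
```

Note that on a SysV system init only re-reads inittab after `telinit q` (or a reboot), so editing the file alone does not change the running binding.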