
Re: "linux single" security problem



>------------------------------------------------------
>1 -- Physically secure the power and reset switch and disable
>control-alt-delete
>
>I can see how this would work but this is not an option in my situation and
>also the security of an OS should not depend on the physical security of the
>computer
Did you just say that?

You are dreadfully wrong.

There is *NOT A SINGLE SYSTEM* which with physical access is invulnerable.
Nothing. At all. Zero. If you want security, the first thing you *HAVE* to
do is disable the ability to put in a floppy disk and boot to another
system. One could theoretically (if the E2FS driver is finished) even boot
to DOS and go from there. With NT, one can boot to NT or Linux and read an
NTFS partition.

>Again, this would seem to work, but even if the mode on lilo.conf
>was -rw------- and owned by root, I feel that this is less secure (with the
>clear-text password) than the shadow passwords I am using.  (Which, on a
>side note, are not enabled by default either.  That one is easy enough to
>fix [pwconv] but why not enable them by default?).
It's no less secure. Unix password encryption is dreadfully stupid. Give
cracklib about 2 days tops to break damn near any password.

>What I want is to find a way to cause a user to be prompted for a root
>password after typing "linux single."  I do NOT want to restrict the use of
>linux single or restrict rebooting the machine.  I want to secure my
>operating system.  =) 
You can't do that without securing the console. Basic security.

>-Shadow passwords are cool and IMO should be enabled by default
Yes, they should.

>-Unrestricted console root access is VERY uncool
Put it in lilo.conf and you're just as secure.
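
A check for the lilo.conf setup argued over in this thread, as an added example that is not part of the original message. It relies on LILO's `password=` and `restricted` directives (`restricted` is not named in the thread); the function names and the sample config are constructed for illustration.

```shell
# Added example, not from the thread. Prints "<label> <mode>" per boot entry:
#   none       - "linux single" at the prompt gives root with no password
#   restricted - password asked only when boot parameters are typed
#   mandatory  - password asked on every boot (password= without restricted)
# Simplification: per-image "mandatory"/"bypass" overrides are not modelled.
lilo_entry_modes() {
    awk '
        function flush() {
            if (!insec) return
            mode = "none"
            if (gpw || pw) mode = (grs || rs) ? "restricted" : "mandatory"
            print label, mode
        }
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^(image|other)[ \t]*=/ { flush(); insec = 1; pw = 0; rs = 0; label = $0; next }
        /^label[ \t]*=/    { sub(/^label[ \t]*=[ \t]*/, ""); label = $0; next }
        /^password[ \t]*=/ { if (insec) pw = 1; else gpw = 1; next }
        /^restricted$/     { if (insec) rs = 1; else grs = 1; next }
        END { flush() }
    ' "$1"
}

# Returns non-zero if the file leaks the cleartext password or an entry is open.
audit_lilo_conf() {
    rc=0
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FINDING: $1 grants group/other access ($perms); expected -rw-------"
        rc=1
    fi
    for label in $(lilo_entry_modes "$1" | awk '$2 == "none" { print $1 }'); do
        echo "FINDING: entry '$label' has no boot-prompt password"
        rc=1
    done
    return $rc
}

# Constructed sample config; CHANGE-ME is a placeholder, not a real password.
sample=$(mktemp)
cat > "$sample" <<'EOF'
password=CHANGE-ME   # global: inherited by every image below
restricted
image=/boot/vmlinuz
    label=linux
EOF
chmod 600 "$sample"
audit_lilo_conf "$sample" && echo "OK: 'linux single' will prompt for the password"
rm -f "$sample"
```

The audit does not check file ownership, and it says nothing about booting from removable media, which is the physical-access point made above.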


