Date: Tue, 22 Dec 1998 12:16:13 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: cjclark@home.com, Janos Mohacsi <mohacsi@bagira.iit.bme.hu>, security@FreeBSD.ORG
Subject: Re: preventing single user login w/o password
Message-ID: <Pine.BSF.3.96.981222121213.15464C-100000@fledge.watson.org>
In-Reply-To: <xzpww3lecjq.fsf@flood.ping.uio.no>
On 21 Dec 1998, Dag-Erling Smorgrav wrote:

> "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> writes:
> > Janos Mohacsi wrote,
> > > How can I prevent booting FreeBSD into the single user mode without
> > > supplying either root or maybe different password?
> > Here's the simple answer, but you might not like it,
> >
> > Control physical access to the machine.
> >
> > "There is no security without physical security."
>
> Well, you can translate physical access to the computer into physical
> access to a more manageable item, such as a Java ring, if you use some
> kind of hardware device which strongly encrypts your disks and keep
> the encryption key on the Java ring. The idea is that you can't boot
> the computer without the ring, and you can't decrypt the contents of
> the disk drive without it either (not within reasonable amounts of
> time, anyway).

I'm actually not sure this is a solution. If I have physical access to the
machine, I can induce (via hardware or software) a mechanism to capture
your key when or before you attach the key to the machine so that the
decryption can occur. I think there is fairly strong evidence that
'tamper-proof hardware' simply cannot exist, at least not economically, if
not at all.

If your key was required to perform the disk-decryption operations,
presumably that is a step in the right direction, but if it just transfers
the key, I come in and set something up to intercept the key when you
arrive to boot the machine.

It's sort of like the kerberos database master key--if anyone cares, they
can get it trivially. If it is before kerberos has started, look for a
stash file or trojan the terminal driver; if it is after, attach a
debugger to the kerberos process; if it uses the key, it must have it in a
recoverable form. So why bother? :)

  Robert N Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73  25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/