From owner-freebsd-questions@FreeBSD.ORG Tue Mar 3 14:20:41 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9D9D1508 for ; Tue, 3 Mar 2015 14:20:41 +0000 (UTC) Received: from bede.qeng-ho.org (bede.qeng-ho.org [217.155.128.241]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1E381166 for ; Tue, 3 Mar 2015 14:20:40 +0000 (UTC) Received: from arthur.home.qeng-ho.org (arthur.home.qeng-ho.org [172.23.1.2]) by bede.home.qeng-ho.org (8.14.9/8.14.7) with ESMTP id t23EKaM0021270; Tue, 3 Mar 2015 14:20:37 GMT (envelope-from freebsd@qeng-ho.org) Message-ID: <54F5C334.2030301@qeng-ho.org> Date: Tue, 03 Mar 2015 14:20:36 +0000 From: Arthur Chance User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: Mehmet Erol Sanliturk , Polytropon Subject: Re: Check root password changes done via single user mode References: <54F56A83.3000404@gmail.com> <54F57CD9.2000707@gmail.com> <54F5AF25.7000303@qeng-ho.org> <20150303141633.c38bdc7b.freebsd@edvax.de> In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Cc: fluxwatcher@gmail.com, FreeBSD Questions Mailing List X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Mar 2015 14:20:41 -0000 On 03/03/2015 14:02, Mehmet Erol Sanliturk wrote: > On Tue, Mar 3, 2015 at 5:16 AM, Polytropon wrote: > >> On Tue, 03 Mar 2015 12:55:01 +0000, Arthur Chance wrote: >>> As Bruce Schneier says, there's no such thing as perfect security, it >>> all depends on what costs (in money, time, or effort) attacker and >>> defender are prepared to pay. >> >> Also consider non-OS security in this context: A CCTV camera >> monitoring the console, or a hardware keylogger that can be >> examined for SUM logins and "passwd" command calls. This is >> relatively easy with physical servers, but those which are >> being accessed via network (and with some management solution >> that let's you, for example, access the serial console via >> IP) could benefit from a mechanism examining the network >> traffic; but as soon as you have end-to-end encryption in >> such a setup, it won't work... except it's weak crypto and >> you have the sufficient means... >> >> FreeBSD can only offer a specific subset of solutions "out >> of the box", and a versatile attacker will always find a way >> to avoid those obstacles. >> _______________________________________________ >> >> > If any one is in front of the console , he/she may use a boot CD/DVD/USB > stick to boot a copy of the operating system , and do whatever wants to do . Just another step in the arms race. Configure the BIOS/UEFI to boot from the hard disk first, set the BIOS password(s). At this point an attack requires opening the case. Counter that with a locked room, and so on. As I said, it all depends how much effort both sides want to expend. That's why I asked the OP what his threat model was. Until that's answered we can only keep escalating threats and countermeasures into the realms of the hypothetical and ridiculous. Thermic lances through bank vault walls anyone? :-) -- Those who do not learn from computing history are doomed to GOTO 1