
You’re in the front of a Linux computer, you need a root access. What do you do? - 300
http://www.jovicailic.org/2013/04/how-to-get-to-linux-root/
======
yuvadam
Not sure what this article is trying to say. I can gain "root access" just by
dismantling the hard drive and mounting it on a machine I own.

This is exactly why everybody should be using full-disk encryption. It is
ridiculously easy to set it up both on OS X (with FileVault) and Linux (with a
plethora of options), and even on Windows machines. There is absolutely no
reason why not to do this.

~~~
octo_t
I would rather use FileVault than TrueCrypt on OSX to be honest.

~~~
Karunamon
From an ease of use standpoint, maybe, but from a
"less-likely-to-be-compromised" standpoint? TC every day of the week and twice
on Sunday.

Big-company encryption software cannot be trusted anymore. (If it ever could
have been...)

------
marcosdumay
One does not even need to enable password protection of Grub. Linux will ask
for the root password before granting access to recovery mode. That stopped
working in the early 2000s. The author must use a pretty stupid distro to not
notice it by 2013.

Anyway, want to gain access to the computer? Get a screwdriver.

~~~
ominous_prime
Ubuntu does not require a root password, because there isn't one. The default
setup is to always require sudo to access root.

~~~
lutusp
> Ubuntu does not require a root password, because there isn't one.

That's true, but creating a root password in Ubuntu is child's play:

$ sudo passwd

(enter user password for sudo access to root privilege level)

(enter new password for root)

(re-enter new password for root)

Done.

> The default setup is to always require sudo to access root.

Yes, but this is a cosmetic distinction, not a basic one. Setting up a root
password is always a few keystrokes away.

My point? Ubuntu isn't really different from other distros in this respect, it
only appears to be.

------
emilw
If enabled, you use a firewire connection. You don't even need to reboot and
can connect as root to any running processes and filesystems.

http://www.breaknenter.org/projects/inception/

Yes, that is actual working technology.

~~~
marvin
This is a frighteningly effective hack, which once again underscores that if
your attacker has physical access to the machine, you're hosed. I've seen this
attack demonstrated live on Windows Server. It just uses DMA to search the
memory and skip the subroutine that checks whether the password entered was
valid.

Just put glue in the firewire connector, you say? Well, for instance most
laptops that can be docked are firewire-accessible through the docking port.
The firewire interface is also reachable through a USB adapter. So you'd have
to glue the USB ports shut as well. (Impractical). Even if you do all this,
most motherboards have the FireWire interface enabled on a PCI level, _even if
there are no physical PCI ports_ on the computer. So against this attack you'd
be pretty much hosed regardless, unless you use a chipset that explicitly
doesn't implement FireWire.

~~~
j_s
To prevent this attack, disable auto-loading of FireWire drivers within the
OS. I believe one of the Linux driver stacks already does this & OS X protects
itself when the machine is locked.

Also, FireWire over USB is repeatedly mentioned as _not_ working.
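
The mitigation named in the comment above (stop the OS from auto-loading FireWire drivers) can be audited with the following added example, which is not part of the thread. It assumes the in-tree Linux module names for both FireWire stacks and takes the modprobe configuration directory as a parameter; the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report whether modprobe configuration
# stops the Linux FireWire drivers from loading automatically.
FW_MODULES="firewire_ohci firewire_sbp2 ohci1394 sbp2"

# fw_module_state DIR MODULE -> prints one of:
#   blocked      "install MODULE /bin/false": every load attempt fails
#   blacklisted  "blacklist MODULE": only alias-based autoload is suppressed
#   autoload     no rule found; the driver loads when hardware appears
fw_module_state() {
    mod=$(printf '%s' "$2" | tr '-' '_')
    # Drop comments; modprobe treats '-' and '_' in module names alike.
    conf=$(cat "$1"/*.conf 2>/dev/null | sed 's/#.*//' | tr '-' '_')
    if printf '%s\n' "$conf" | grep -Eq \
        "^[[:space:]]*install[[:space:]]+${mod}[[:space:]]+/(usr/)?bin/(false|true)([[:space:]]|\$)"; then
        echo blocked
    elif printf '%s\n' "$conf" | grep -Eq \
        "^[[:space:]]*blacklist[[:space:]]+${mod}[[:space:]]*\$"; then
        echo blacklisted
    else
        echo autoload
    fi
}

# fw_audit DIR -> one line per module; returns 1 if any can still autoload.
fw_audit() {
    rc=0
    for m in $FW_MODULES; do
        state=$(fw_module_state "$1" "$m")
        echo "$m: $state"
        if [ "$state" = autoload ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample configuration, not taken from a real host.
demo_dir=$(mktemp -d)
cat > "$demo_dir/firewire.conf" <<'EOF'
blacklist firewire-ohci
install firewire-sbp2 /bin/false
#blacklist ohci1394
EOF
fw_audit "$demo_dir" || echo "result: a FireWire driver can still autoload"
rm -rf "$demo_dir"
```

On a real host, point `fw_audit` at `/etc/modprobe.d`; a `blacklisted` result still allows the module to be loaded explicitly by name, which is why the `install` form is reported separately.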

------
SixSigma
If it has sensitive data on it, the Linux computer should be locked in a room.
Physical access = ownership, every sysadmin knows that. Plan 9 terminals don't
have passwords for user accounts, if you want access to privileged data you
then have to authenticate with the dedicated authorization server. Linux is a
1960s OS, it boggles the mind people even still use it.

~~~
easy_rider
Hydrocarbon based fuels are 1850's tech. It boggles my mind people even still
use it.

------
gphilip
You're in front of a Linux computer. You compile an exploit you read about on
Slashdot, run the resulting executable, and voila!, you are dropped into a
root shell. After a couple of seconds you realize that you have _no_ ideas on
what to do next. That's when it registers that you are not as "young" as you
once were ...

------
pmorici
You can also just edit the boot command and add/modify the line init=... to
init=/bin/sh

------
Piskvorrr
Grub is password-protected, what do you do? (Boot from a live distro and
chroot into the on-disk one)

~~~
afhsfsfdsss88
This is what came to me first. I have unrestricted physical access?

I probably own the machine. If the data on the storage is not encrypted, I own
that too.

If I don't want to disassemble anything, I just plug in a liveUSB and it's all
mine.

If the BIOS has USB/CD boot disabled? I pull the CMOS battery.

If that fails? The google probably knows the BIOS reset sequence for your
board and soon so will I.

=======================================================================

Physical security is important too and FDE is not optional. [Even if you have
nothing to hide]

~~~
quasque
The CMOS battery often has nothing to do with BIOS settings; on many modern
laptops they're stored in the BIOS flash memory, with no such reset sequence
available.

If properly secured, physical hacking is not as easy as it used to be.

~~~
afhsfsfdsss88
NVRAM can be overwritten with a factory fresh BIOS image....

~~~
quasque
Yes, but then you're in the realm of interfacing directly with the hardware to
reflash the chip, somewhat upping the difficulty of this hack.

------
walesmd
Edit the kernel entry in grub to boot into single user mode (by appending a 1
to the line), boot, you're now free to change root's password.

This is what we did to a number of machines at this year's SouthWest CCDC we
were provided no login information for.
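
Both boot-entry edits mentioned in this thread (changing `init=` and appending a 1 for single-user mode) depend on GRUB letting anyone at the console edit an entry. The following added example, not part of the thread, classifies a GRUB 2 config by whether `superusers` is set and how the password is stored; the file path is a parameter and the sample config, including its placeholder hash, is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): classify how a GRUB 2 config protects
# the menu's edit and command-line keys.

# grub_edit_protection FILE -> prints one of:
#   none               no "set superusers=": anyone can edit boot entries
#   plaintext          "password USER ..." keeps the secret in clear text
#   pbkdf2             "password_pbkdf2 USER ..." keeps a salted hash
#   no-password-entry  superusers is set, but no password line names the
#                      first superuser
grub_edit_protection() {
    sed 's/#.*//' "$1" | awk '
        $1 == "set" && $2 ~ /^superusers=/ && !have {
            v = $0; sub(/^[^=]*=/, "", v); gsub(/"/, "", v)
            # GRUB accepts several separators between user names.
            split(v, names, /[ ,;|&]+/); su = names[1]; have = 1
        }
        $1 == "password_pbkdf2" { kind[$2] = "pbkdf2" }
        $1 == "password"        { kind[$2] = "plaintext" }
        END {
            if (!have)           print "none"
            else if (su in kind) print kind[su]
            else                 print "no-password-entry"
        }'
}

# Constructed sample; the hash is a placeholder, not a real value.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER
menuentry 'Linux' --unrestricted {
    linux /vmlinuz root=/dev/sda1 ro
}
EOF
echo "edit protection: $(grub_edit_protection "$demo_cfg")"
rm -f "$demo_cfg"
```

A `pbkdf2` result covers only the boot-menu route; the live-media and disk-removal routes raised elsewhere in the thread are addressed by disk encryption, not by the GRUB password.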

------
servowire
Alt+Magic sysreq key+b. Put in a USB stick with Puppy Linux. Boot, Root.

Or did we need to get root access to the previous running OS? Be more specific
in that case ;)

------
taybin
Check what version of sendmail is running.

------
luckystarr
Link down, though if asked, I would suspect this to be a trick question. :-P

