Re: Linux login security approaches

Konrad Rosenbaum (htw6966@htw-dresden.de)
Tue, 8 Dec 1998 08:53:12 +0100 (NFT)


On Mon, 7 Dec 1998, Lenart Gabor wrote:

> Beginning with a nice story ...
>
> Some hours ago we had a discussion on Linux security, here at the University.
> I mentioned that Linux has got a weak point: every user can write a fake
> login program and even the system administrator can think that it's mgetty
> and type the root password :( This kind of Trojan program can be prevented.
> We should define a key combination which is unmaskable by ANY process, and
> login procedures should begin by pressing this combo. However I was told that
> this is "an NT way" solution, but I disagree. (I don't know anything about
> NT because I've hopefully never used it :)

The solution may be much simpler than you thought: you don't need to
patch the kernel or userspace:
*on the console it is (in most cases) enough to press ctrl-c and/or ctrl-d
-> this would terminate the cracker program
*these hacks use one simple approach: you give your login and password,
which are stored into a file, and then they print that you were wrong
and mgetty restarts -> just log in with your name and a _wrong_ password;
after being sure the crackproggy has exited you can log in as usual
*under X you can terminate any program by using the window manager's
kill features; xdm will restart then, and on most X-stations you can
terminate the X-server too (Ctrl-Alt-Backspace)
=>these approaches are 99% secure and most of the time at university I use them
(I know too many "enthusiasts" there)
=>if you want to be _really_ sure you can log in via telnet and look into
the process table with "ps ax"; one hint for those who know programs which
scramble argument variables at runtime: look into /proc/<pid>/commandline
=> it should be much easier to write a userspace program which
controls the programs on the console terminal than to patch the kernel with
features which make it less abstracted and this way less stable (the only
program a kernel should call directly is init - nothing else! And this
only once!)

happy hacking,
Konrad
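
The process-table check Konrad describes above (look at what is really running instead of trusting what a program prints on the terminal, and consult /proc for processes that rewrite their argv) can be scripted. The following is an added example written for this archive page, not code from either poster: it walks a proc tree, reads each process's `cmdline` (NUL-separated argv) and the `exe` symlink, and flags processes whose claimed argv[0] does not match the binary actually mapped, or whose argv has been wiped. The `proc_root` parameter and the `build_sample_proc()` fake tree are assumptions for offline use; on a real box call `scan("/proc")`.

```python
"""Flag processes whose argv disagrees with the executable they run.

Added example (not part of the original thread). A trojan login prompt can
print "mgetty" and call itself mgetty in argv, but /proc/<pid>/exe still
points at the real binary, and a process that scrambles its argument
variables leaves /proc/<pid>/cmdline empty.
"""
import os
import tempfile
from dataclasses import dataclass


@dataclass
class ProcInfo:
    pid: int
    argv: list   # argv as the process currently presents it
    exe: str     # target of /proc/<pid>/exe, "" if unreadable


def read_cmdline(proc_root, pid):
    """argv of pid; /proc/<pid>/cmdline is NUL-separated, possibly empty."""
    try:
        with open(os.path.join(proc_root, str(pid), "cmdline"), "rb") as f:
            raw = f.read()
    except OSError:
        return []
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def read_exe(proc_root, pid):
    """Resolved binary of pid; kernel threads and foreign-uid pids are unreadable."""
    try:
        return os.readlink(os.path.join(proc_root, str(pid), "exe"))
    except OSError:
        return ""


def argv_matches_exe(info):
    """True when argv[0] is consistent with the binary actually mapped."""
    if not info.exe:
        return True                       # nothing to compare against; do not flag
    if not info.argv:
        return False                      # argv wiped at runtime: worth a look
    # "-bash" is how a login shell names itself; strip that marker
    claimed = os.path.basename(info.argv[0]).lstrip("-")
    # the kernel appends " (deleted)" when the binary was unlinked after exec
    real = os.path.basename(info.exe.replace(" (deleted)", ""))
    return claimed == real


def scan(proc_root="/proc"):
    """Return ProcInfo for every pid under proc_root that fails the check."""
    flagged = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():           # skip self, sys, net, ...
            continue
        pid = int(entry)
        info = ProcInfo(pid, read_cmdline(proc_root, pid), read_exe(proc_root, pid))
        if not argv_matches_exe(info):
            flagged.append(info)
    return flagged


def build_sample_proc():
    """Constructed fake /proc tree in a temp dir (sample data, not a real system)."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    cases = {
        123: (b"mgetty\0ttyS0\0", "/tmp/not-really-mgetty"),  # argv lies about the binary
        124: (b"-bash\0", "/bin/bash"),                        # login shell, legitimate
        125: (b"", "/usr/local/bin/scrambled"),                # argv scrambled at runtime
    }
    for pid, (cmdline, exe) in cases.items():
        d = os.path.join(root, str(pid))
        os.mkdir(d)
        with open(os.path.join(d, "cmdline"), "wb") as f:
            f.write(cmdline)
        os.symlink(exe, os.path.join(d, "exe"))   # dangling link is fine for readlink
    os.mkdir(os.path.join(root, "self"))           # non-numeric entry, must be skipped
    return root


if __name__ == "__main__":
    for hit in scan(build_sample_proc()):
        print(f"pid {hit.pid}: argv={hit.argv!r} exe={hit.exe}")
```

Run as root on the real `/proc` so every `exe` link is readable. Expect some legitimate noise: daemons that rewrite their argv for status display (sshd, postfix) and interpreters whose argv[0] differs from the resolved binary name show up too, so treat the list as candidates for review, not as verdicts. Checking which of the flagged processes holds the console tty is the next step a reviewer would take.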

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/