Re: Linux login security approaches

Lenart Gabor (lgb@hal2000.hal.vein.hu)
Tue, 8 Dec 1998 17:23:48 +0100


On Tue, Dec 08, 1998 at 08:53:12AM +0100, Konrad Rosenbaum wrote:
>
>
> On Mon, 7 Dec 1998, Lenart Gabor wrote:
>
> > Beginning with a nice story ...
> >
> > Some hours ago we had a discussion on Linux security, here at the University.
> > I mentioned that Linux has got a weak point : every user can write a fake
> > login program and even the system administrator can think that it's mgetty
> > and type the root password :( This kind of Trojan programs can be preceded.
> > We should define a key combination which is unmaskable by ANY process, and
> > login procedures should begin by pressing this combo. However I was told that
> > this is "an NT way" solution, but I disagree. (I don't know anything on
> > NT before I've hopefully never used it :)
>
> The solution may be much more simple than you thought: you don't need to
> patch the kernel nor userspace:
> *on console it is (in most cases) enough to press ctrl-c and/or ctrl-d
> -> this would terminate the cracker-program

for (i=1;i<32;i++) signal(i,SIG_IGN) or something similar ...

> *these hacks use one simple approach: you give your login and password,
> which is stored into a file and then they type out that you were wrong
> and mgetty restarts -> just login with your name and a _wrong_ password,

And what about when the cracker proggy uses a for(;;) loop, and
cracker can use kill -9 to kill it after logging in on another terminal ?

User can think that he mistyped his password and he would have tried
again, and his password has been already logged at this point by the
evil proggy :(

And your idea (and even alt-printscreen-k) has got a problem :
user *CAN* login when he forgets to check if it's a trojan (by pressing
alt-printscreen-k for example). There should be a solution which does not
allow beginning the login procedure before the key combo !

---[ LGB/DC ]------------------[ root@hal2000 ]-----------------[ LINUX ]---
"The truth is out there" "We're living together" "The future is dark."
---[ 88/422022-4602 ]--[ http://www.hal.vein.hu/~lgb ]------[ 87/477074 ]---
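
The point behind the signal(i,SIG_IGN) reply above, as an added example that is not part of the original message: a program can ignore the terminal-generated signal behind ctrl-c, but the kernel refuses SIG_IGN for SIGKILL and SIGSTOP, and SIGKILL is what the Linux secure attention key (alt-sysrq-k) delivers to the processes on the console. The helper names can_ignore and unignorable are made up for this example.

```c
#include <signal.h>
#include <stdio.h>

/* Ask the kernel to ignore `sig`, then put the previous disposition
 * back so the calling process is left unchanged.
 * Returns 1 if the request was accepted, 0 if it was refused. */
int can_ignore(int sig)
{
    void (*old)(int) = signal(sig, SIG_IGN);

    if (old == SIG_ERR)
        return 0;          /* refused: SIGKILL and SIGSTOP end up here */
    signal(sig, old);      /* restore whatever was installed before */
    return 1;
}

/* Collect the signals in 1..31 (the range used in the message) that
 * the kernel will not let a process ignore. Returns how many. */
int unignorable(int *refused, int cap)
{
    int n = 0;

    for (int sig = 1; sig < 32; sig++)
        if (!can_ignore(sig) && n < cap)
            refused[n++] = sig;
    return n;
}

int main(void)
{
    int refused[32];
    int n = unignorable(refused, 32);

    /* ctrl-c only raises SIGINT, which any program may ignore, so a
     * login prompt surviving ctrl-c proves nothing about it. */
    printf("SIGINT (ctrl-c) can be ignored: %s\n",
           can_ignore(SIGINT) ? "yes" : "no");

    /* These stay deliverable no matter what the program asked for. */
    for (int i = 0; i < n; i++)
        printf("cannot be ignored: signal %d\n", refused[i]);
    return 0;
}
```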
