Re: Linux login security approaches

kwrohrer@ce.mediaone.net
Tue, 8 Dec 1998 11:33:14 -0600 (EST)

And lo, Lenart Gabor saith unto me:
>
> Beginning with a nice story ...
>
> Some hours ago we had a discuss on Linux security, here at the University.
> I mentioned that Linux has got a weak point : every user can write a fake
> login program and even the system administrator can think that it's mgetty
> and type the root password :(
Well, then don't let every user use the console. And don't let every
user have root, though one of the most basic security adages I've heard
is "don't trust someone with an account if you don't trust them not to
break root"...or, alternately, don't consider the machine secure.

Either access the machine via ssh or telnetd, neither of which can be
intercepted by non-root processes (or binaries, assuming your permissions
on telnetd and sshd and their directories are correct), or login from a
console the lusers can't get to. If you feel really paranoid, have the
gettys not allow non-root/non-admin logins; that way, lusers can't capture
root on your console because they can't open your console.

The rest of this proposal seems to be overly complicated at least, paranoia
at worst. There are simpler ways of ensuring the security of a login
prompt, assuming root hasn't been compromised.

Keith

-- 
 "Well, look at that.  The sun's   | Linux: http://www.linuxhq.com     |"Zooty,
  coming up." -- John Sheridan,    | KDE:   http://www.kde.org         | zoot
  "Sleeping in Light", Babylon 5   | Keith: kwrohrer@enteract.com      | zoot!"
www.midwinter.com/lurk/lurker.html | http://www.enteract.com/~kwrohrer | --Rebo


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/