# Changing root password with gentoo install cd

## aardvark

Ok this may sound like a bit noobie ,far sought and "Old News", but it has caused me to scratch my head... 

When I put in the bootable Gentoo install CD I can mount my root partition, ok:

mount /mnt/gentoo /dev/hdaX

chroot /mnt/gentoo /bin/bash

env-update

source /etc/profile

When this is done, the root password can be changed without entering the existing one... by anyone. 

Ok, I could prevent a user from booting of the CD of cource, but that can also be easlily bypassed by a smart user (the little computer freak cousin?). 

I am aware that this kind of "screw that pc action" can be done for any OS, but it seems quite simple and easy in this specific scenario. (perhaps there is even a simpler way via grub + "e" key.) It can even be done without leaving a trace if you backup and replace the /etc/passwd file (or not?)  

So it comes down to this: Can I prevent this from happening on a "linux/software" level? 

My workaround for now would be to disable "bootable CD" for now and password protect the bios setting. It means basically that I should keep untrusted users away from my physical computer as well as my backend network..  :Smile: 

If this is all too stupid and paranoid, be happy to kick me...  :Sad: 

----------

## rac

 *aardvark wrote:*   

> So it comes down to this: Can I prevent this from happening on a "linux/software" level?

 

Not short of using an encrypting filesystem.  Anyone could simply burn their own CD, and if your BIOS is set to boot the CD before the HD, it will load first.

 *aardvark wrote:*   

> My workaround for now would be to disable "bootable CD" for now and password protect the bios setting.

 

That sounds like a good approach, if your system is in a pretty stable state and you are not often having to boot from the CD for rescue purposes.

----------

## klieber

 *aardvark wrote:*   

> When this is done, the root password can be changed without entering the existing one... by anyone. 

 

correct.

 *aardvark wrote:*   

> Ok, I could prevent a user from booting of the CD of cource, but that can also be easlily bypassed by a smart user (the little computer freak cousin?). 

 

also correct.

 *aardvark wrote:*   

> It can even be done without leaving a trace if you backup and replace the /etc/passwd file

 

again, correct.

 *aardvark wrote:*   

> So it comes down to this: Can I prevent this from happening on a "linux/software" level? 

 

no.  not if the attacker has physical access to your machine.

 *aardvark wrote:*   

> My workaround for now would be to disable "bootable CD" for now and password protect the bios setting.

 

Even this won't work -- it just means that I have to pop the cover to your machine and find the jumper switch that resets your BIOS password.

 *aardvark wrote:*   

> It means basically that I should keep untrusted users away from my physical computer as well as my backend network..  

 

This is the key.

 *aardvark wrote:*   

> If this is all too stupid and paranoid, be happy to kick me... 

 

It's not stupid and you're not paranoid, but the simple fact is that there is no way to protect your machine if someone has physical access to it.  Flat out.  Period.  No way around it.  That's just something you have to accept and deal with.  For some, this means locking computers up in closets (for home use) or datacenters (for business use).  It all depends on how secure you need things to be and how much you're willing to pay to secure it.

--kurt

----------

## aardvark

 *rac wrote:*   

> 
> 
> Not short of using an encrypting filesystem.  Anyone could simply burn their own CD, and if your BIOS is set to boot the CD before the HD, it will load first.
> 
> 

 

Hmm , could you point me to an EFS that will go well with Gentoo?

----------

## klieber

 *rac wrote:*   

> Not short of using an encrypting filesystem

 

Even this isn't really enough.  Loopback encryption (most common form on linux) has quite a few holes that can be exploited to bypass it, assuming you have physical access to the machine.

Additionally, if you plan to back things up or have any sort of rescue boot disk, then the attacker simply needs to get ahold of that and they can typically pull the encryption key out of it.

Or, you simply put a keystroke logger on the back of the machine and capture the root password.  The FBI used this to catch some famous mobster a while back.  (And before you write this off as fantasy and spy games, realize that you can buy one for under $100.)

Encrypted file systems do help, but only if you're fanatical about protecting the keys to unlock the system.  I also seem to remember that some partitions (boot?) can't be encrypted on linux, but I don't remember the details.  (I could be totally off-base on that last one.)

--kurt

----------

## aardvark

 *klieber wrote:*   

> 
> 
> Even this won't work -- it just means that I have to pop the cover to your machine and find the jumper switch that resets your BIOS password.
> 
> 

 

Ok, then I'll have to find a way that at least a trace is left behind when someone attempts to do this, Either in the OS or on a hardware level.  The scary thing is that it can be done so easily without leaving a trace. 

[not meant inflammatory]

For as far as I know it is not as easy as this with windows XP unless you reinstall the whole OS from a CD, but that is -again- as far as I know. (No, I am not willing to switch OS over this  :Smile:  )

[/not meant inflammatory]

----------

## delta407

 *aardvark wrote:*   

> [not meant inflammatory]
> 
> For as far as I know it is not as easy as this with windows XP unless you reinstall the whole OS from a CD, but that is -again- as far as I know. (No, I am not willing to switch OS over this  )
> 
> [/not meant inflammatory]

 

See this page.

----------

## aardvark

 *delta407 wrote:*   

>  *aardvark wrote:*   [not meant inflammatory]
> 
> For as far as I know it is not as easy as this with windows XP unless you reinstall the whole OS from a CD, but that is -again- as far as I know. (No, I am not willing to switch OS over this  )
> 
> [/not meant inflammatory] 
> ...

 

I stand corrected!!

----------

## klieber

 *aardvark wrote:*   

> For as far as I know it is not as easy as this with windows XP unless you reinstall the whole OS from a CD, but that is -again- as far as I know. (No, I am not willing to switch OS over this  )
> 
> 

 

The issue of physical security is not restricted by OS.  Windows, linux, solaris and Mac are all vulnerable.  

Again, it comes down to protecting physical access to the machine.  Honestly, if you're that concerned about it, place it in a closet and lock the closet.  Or, use JB Weld or a similar chemical welding solution and weld your case shut (or duct tape, spot solder, etc., etc)  In that case, a BIOS password, combined with removing the floppy and CDROM from the boot sequence, is more effective since popping the top isn't as easy and you can generally tell when your case has been compromised.

What are you trying to protect here?  Sensitive Intellectual Property worth millions of dollars or are you just trying to make sure your parents don't discover your pr0n collection?  :Wink: 

--kurt

----------

## aardvark

 *klieber wrote:*   

> 
> 
> What are you trying to protect here?  Sensitive Intellectual Property worth millions of dollars or are you just trying to make sure your parents don't discover your pr0n collection? 
> 
> 

 

No not really. Just a matter of principal.., hobby exploring the possibilities and as illustrated by the following:  

Person 1 "Why are you running linux? and why should I?"

Person 2 "Well, there are many reasons. For one it is very secure.......only root has acces to the sytem... etc."

Of course the above is true for a network approach, If I do my configging right

I just found it interesting that this could be done so easily...

The only thing I want to really protect is my thesis, but more against hardware failure than someone breaking in...  :Wink: 

Ok, thanks for all your replies. I get the idea...

----------

