secure login

Anonymous Coredump mixmaster at remailer.segfault.net
Fri Feb 15 23:30:16 PST 2002


Hi,

I'd like to submit my security system to your scrutiny...

I have a firewall and only run the most secure apps for servers
(and as few as I can) but I was still afraid of someone getting a root 
login on a remote shell.

What would you think if I told you that instead of bash as login shell 
for critical users I use a script which checks something on the system 
(most basic would be checking if *some* file exists) and if yes allows 
the login and locks out (e.g. removes the file), if not, it fails and outputs 
the "Sorry." you'd usually get with a wrong password (so it just looks like a 
bad password was entered)?

There would also be a script to unlock the account 
(create the file). So with a low priority user you can log in to other accounts,
like root, manually while reducing chances of an undesired remote login. 

This would be better implemented in binaries, but by making the login script 
readable only by the superuser, you can hide the test. 

The weakness would be in the key-executable which unlocks the account. This one 
must be usable by this low-priority user. So it can be read by someone who'd
have the password for that account, but, that's the point, if he doesn't keep 
command history, there's no way someone could find what command goes before su. 
This would be just one executable among many others (like in /usr/local/bin)
with an unsuspicious name (like whatever's unsuspicious). If it is a binary the 
danger almost goes away (you would have to check it in disassembly 
to know what it really does...) and, assuming it's a script, you'd have to 
guess it exists first and find it next...

So you'd have to crack at least:
(combinatorics of the password) 
times 
(possibilities for *a* command on *a* file on a regular system.) 
to get a root login.

And it works for other users too (with little tweaks).

I think even with what you know now you couldn't break such a system 
because it is very resistant to automation (e.g. testing all commands 
with all files on a computer is long) and also, you won't even know 
if you got a good password to begin with. 

Imagine if you didn't even know there was such a system on that
machine...

This is a very simple hack but it can take many personal flavors.

So what would you think?

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message
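
The gate described in the message, as an added example that is not part of the original post. The flag path, log path and function names are assumptions; the flag is consumed with a single `rm` instead of test-then-remove so two concurrent logins cannot both pass, and the audit line on every decision is an addition the post does not mention.

```shell
#!/bin/sh
# Added illustration of the flag-file login gate described in the post.
# All paths and function names below are assumptions, not from the post.
GATE_FLAG="${GATE_FLAG:-/var/lib/gate/root.unlock}"  # hypothetical flag file
GATE_LOG="${GATE_LOG:-/var/log/gate.log}"            # hypothetical audit log
REAL_SHELL="${REAL_SHELL:-/bin/bash}"

# Record every decision so the admin can see probing (addition to the post).
audit() {
    { printf '%s gate %s user=%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$1" "${USER:-unknown}" >> "$GATE_LOG"; } 2>/dev/null || :
}

# The "key" command run from the low-priority account: create the flag.
unlock_account() {
    ( umask 077; : > "$GATE_FLAG" )
}

# The check run by the login script. rm without -f fails when the flag is
# absent, so "exists?" and "lock again" are one unlink: the flag is one-shot
# and a second login racing the first gets "Sorry.". rm unlinks a symlink
# itself, never its target, so a planted link cannot redirect the delete.
gate_login() {
    if rm -- "$GATE_FLAG" </dev/null 2>/dev/null; then
        audit ALLOW
        return 0
    fi
    audit DENY
    echo "Sorry."        # same text as a bad password, as in the post
    return 1
}

# Entry point when installed as the login shell; not called here.
login_shell_main() {
    gate_login || exit 1
    exec "$REAL_SHELL" -l
}
```
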


