mixmaster at remailer.segfault.net
Fri Feb 15 23:30:16 PST 2002
I'd like to submit my security system to your scrutiny...
I have a firewall and only run the most secure apps for servers
(and as few as I can) but I was still afraid of someone getting a root
login on a remote shell.
What would you think if I told you that instead of bash as login shell
for critical users I use a script which checks something on the system
(most basic would be checking if *some* file exists) and if yes allows
the login and locks out (e.g. removes the file), if not, it fails and outputs
the "Sorry." you'd usually get with a wrong password (so it just looks like a
bad password was entered)?
There would also be a script to unlock the account
(create the file). So with a low-priority user you can log in to other accounts,
like root, manually while reducing the chances of an undesired remote login.
This would be better implemented in binaries, but by making the login script
readable only by the superuser, you can hide the test.
The weakness would be in the key executable which unlocks the account. This one
must be usable by this low-priority user. So it can be read by someone who'd
have the password for that account, but, that's the point, if he doesn't keep
command history, there's no way someone could find what command goes before su.
This would be just one executable among many others (like in /usr/local/bin)
with an unsuspicious name (like whatever's unsuspicious). If it is a binary the
danger almost goes away (you would have to check it in disassembly
to know what it really does...) and, assuming it's a script, you'd have to
guess it exists first and find it next...
So you'd have to crack at least:
(combinatorics of the password)
(possibilities for *a* command on *a* file on a regular system.)
to get a root login.
And it works for other users too (with little tweaks).
I think even with what you know now you couldn't break such a system
because it is very resistant to automation (e.g. testing all commands
with all files on a computer is long) and also, you won't even know
if you got a good password to begin with.
Imagine if you didn't even know there was such a system on that
This is a very simple hack but it can take many personal flavors.
So what would you think?
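
Added example, not part of the original post: a minimal sketch of the one-shot login gate the message describes, with the check and the lock-out done as a single `rm` so that two racing logins cannot both consume the same unlock. The token path and the function names `unlock_account` and `gate_login` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one-shot login gate (sketch, not the poster's script).
# TOKEN is a constructed placeholder path; its directory must be writable
# by the low-priority user who runs the unlock step.
TOKEN="${TOKEN:-/var/run/login-gate/root.token}"

# unlock_account: run by the low-priority user just before `su`.
# Creates the token with mode 0600 so other local users cannot read it.
unlock_account() {
    ( umask 077; : > "$TOKEN" )
}

# gate_login: succeeds exactly once per unlock.
# `rm` without -f fails when the file is absent, and the underlying
# unlink(2) is atomic, so testing and removing happen in one step.
# A separate "test -f, then rm" would let two simultaneous logins
# both pass the test before either removed the file.
gate_login() {
    if rm -- "$TOKEN" </dev/null 2>/dev/null; then
        return 0
    fi
    # Same text as a failed password, so a locked gate is not
    # distinguishable from a wrong password on screen.
    echo "Sorry."
    return 1
}

# When installed as the account's login shell, the script would end with:
#   gate_login && exec /bin/bash -l
#   exit 1
```

The gate adds a step on top of the password; the account is only as well hidden as the unlock command, its token path and the login script's permissions.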