[svlug] Security question: read-only drive

Rafael raffi at linwin.com
Tue Feb 6 19:12:01 PST 2001


On Tue, 6 Feb 2001, Aaron Lehmann wrote:

> On Tue, Feb 06, 2001 at 08:19:28AM +0000, Drew Bertola wrote:
> > Not if the C code to control the switch is binary only (locally) and
> > protected by hardcoded password (argv[1]) with an algorithm like MD5
> > to keep it safe within the binary.  (Not to mention the obscurity
> > involved).
> 
> Bullshit. When you're root, you don't need those binaries to work for
> you to get hardware-level access.

You cannot replace hardcoded passwd from ROM for example. Your method
fails miserably trying that. Changing password is not easy for the
legitimate user of course but it's for an emergency situation anyway.

You need to know hardware in order to hack on that level. And who says you
are going to be working on known hardware? It's possible to set up a web
server that will handle hardware configuration for other systems with a very
small chance of being broken into. Even then you won't know what to do
with it if it's a proprietary unpublished design. A good embedded system
won't have any tools for you to start with. It will only run certain
programs in RAM to manage other systems over private network or RS232 for
example, no generic logins, no root, etc.

> 
> Even if you didn't know how the hardware stuff worked and the security
> through obscurity of the hardware interfaces was enough (which is not a
> good bet), you're root. That binary-only crap will not stop you. Simply
> disassemble the binary and change the MD5 comparison into a noop. It's
> not that hard. Security by obscurity gets you nowhere.

Wrong! I managed to catch bad guys just because I ran things the way they
did not expect. They wiped out log files but my "private logging" kept
running. I was able to reconstruct the events based on info from netstat,
machine load, and output from ps for days back. On top of that, the log
segment gets emailed to other systems on a daily basis. Had they known
that, they would kill my private cron job. It doesn't mean it will work in
any instance but it's worth a try.

The important thing is to make it difficult enough for them to go
somewhere else. That gives you time to detect the problem and take
actions.

   O__  ---- Rafael Skodlar
  c/ /'_ --- Linux Imagineer since 1994
 (*) \(*) -- There is a tunnel at the end of light.
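
The "private logging" described in the message above (periodic netstat, load and ps snapshots, with each log segment mailed to another system), sketched as an added example that is not part of the original post or the poster's own setup. All function names, the command flags, the SHA-256 digest in the subject line and the addresses are assumptions; actually sending the message (local MTA or smtplib) is left to the caller.

```python
import hashlib, os, subprocess, time
from email.message import EmailMessage

# Assumed command set and flags: the post only names netstat, load and ps.
COMMANDS = {"netstat": ["netstat", "-an"], "ps": ["ps", "aux"]}

def run(cmd):
    """Return the command's output, or a marker if the tool is missing or hangs."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True, timeout=30).stdout
    except (OSError, subprocess.SubprocessError) as exc:
        return f"<unavailable: {exc}>\n"

def take_snapshot(now=None):
    """One timestamped record of load average, sockets and processes."""
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now))
    try:
        load = " ".join(f"{x:.2f}" for x in os.getloadavg())
    except (OSError, AttributeError):
        load = "<unavailable>"
    parts = [f"=== {stamp} load={load}"]
    for name, cmd in COMMANDS.items():
        parts.append(f"--- {name}\n{run(cmd)}")
    return "\n".join(parts) + "\n"

def append_record(path, record):
    """Append one snapshot to the private log (run this from cron)."""
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(record)

def build_segment_mail(path, offset, sender, recipient):
    """Package everything written since `offset`, with its SHA-256, for off-host mail."""
    with open(path, "rb") as fh:
        fh.seek(offset)
        data = fh.read()
    digest = hashlib.sha256(data).hexdigest()
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"log segment offset={offset} len={len(data)} sha256={digest}"
    msg.set_content(data.decode("utf-8", "replace"))
    return msg, offset + len(data), digest

def segment_intact(path, offset, length, digest):
    """Compare the local log against a digest that was mailed off-host earlier."""
    with open(path, "rb") as fh:
        fh.seek(offset)
        data = fh.read(length)
    return len(data) == length and hashlib.sha256(data).hexdigest() == digest
```

Once a segment has left the machine, wiping or editing the local file no longer removes the record, and segment_intact() run against the mailed offset, length and digest shows that the local copy changed.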




