Re: obsd boot hack (boot-modified-kernel-attack)

juct.heise.de

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Peter Shipley: "obsd boot hack (boot-modified-kernel-attack)"
• Previous message: Aleph One: "MacOS based buffer overflows..."
• In reply to: Peter Shipley: "obsd boot hack (boot-modified-kernel-attack)"
• Next in thread: Jeff Polk: "Re: obsd boot hack (boot-modified-kernel-attack)"

> Linux systems using LILO to boot are not vulnerable although Sparc
> Linux with SILO is vulnerable to a similar "boot-modified-kernel-attack"
> unless they are utilize a boot a password in the /etc/silo.conf
> configuration file.
> (thanks to Jon Paul Nollmann <sinsterdarkwater.com> for Linux Q & A)

While it is true that Linux/LILO is not vulnerable to this specific attack, it
should be noted, that gaining root on a Linux box via LILO boot-prompt is even
easier: you don't even need a modified kernel. Giving an init=/bin/sh as boot
parameter invokes the shell instead of init. After executing the necessary
init-scripts manually, you have full root-access to the machine.

To avoid this, you should add "RESTRICTED" and set a password in your
lilo.conf, which is then required to set any boot-options (don't forget, to
make /etc/lilo.conf read-only for root, it contains the password in clear text)

bye, juergen



Juergen Schmidt   Redakteur/editor  c't magazin
Verlag Heinz Heise GmbH & Co KG, Helstorferstr. 7, D-30625 Hannover
EMail: juct.heise.de - Tel.: +49 511 5352 300 - FAX: +49 511 5352 417

• Next message: Peter Shipley: "obsd boot hack (boot-modified-kernel-attack)"
• Previous message: Aleph One: "MacOS based buffer overflows..."
• In reply to: Peter Shipley: "obsd boot hack (boot-modified-kernel-attack)"
• Next in thread: Jeff Polk: "Re: obsd boot hack (boot-modified-kernel-attack)"