On Thu, Apr 27, 2000 at 12:30:39PM -0700, Dan Hutchinson wrote:

> This may be the wrong group for the following, but I went to the website
> www.linuxsecurity.com and they are stating there that it is impossible to make
> GNU/Linux -> Debian/Linux totally secure because the root user has the
> ability to change the /bin/login file, that modules have too much access
> to the kernel, and that certain processes aren't monitored. They have
> a LIDS patch that is supposed to clean the above items up. My question
> is, is it true about the above risks? I am using potato ver. 2.2.9 with
> the 2.2.14PCI kernel. Also, has anyone used LIDS? Does it block your
> ability to change broken modules, etc...
I don't know much about LIDS, but what they are talking about is true, though they should just say it's impossible to make a totally secure box anyway.

All-powerful root: root on Linux, like on most other *nixes, can do pretty much anything to the system; he is not subject to the file permissions on the filesystem etc. This means basically that if root is compromised it's game over. There are some systems which take away root's special powers and essentially make uid 0 (root) just an ordinary user. These are often called `capability' based systems, or `trusted' systems; they include Trusted Irix, and I think there is a Trusted Solaris and a Trusted Digital Unix. The problem with these systems is they become quite difficult to administer, but the advantage is if root is compromised it's no big deal. I once read that an admin of one of these trusted OSes (Digital Unix iirc) set a null password on the root account and used it as the `guest' user that guests could use. This sounds like utter stupidity, but it really isn't: in a fully capability based system root is no more powerful than any other user account.

Kernel modules: yes, it's quite true that modules have pretty much full access to the kernel. You can make a kernel module that is designed to hide processes or files on the filesystem from detection, or to interfere with checks such as tripwire or AIDE, causing them to think all is well when in fact many files have been altered. This basically falls back on all-powerful root though; root is the only one who may load kernel modules, thus root can modify the kernel. If the risk of allowing kernel modules outweighs their usefulness you can disable kernel modules altogether in the kernel configuration. Problem solved.

There is no such thing as a fully secure system. LIDS does not make a system secure all by itself, and certainly not totally secure. LIDS is just a tool (an intrusion detection system, a burglar alarm for your OS so to speak).
Security is a dynamic thing; you need to decide what you are protecting, and how much trouble you are willing to go to to protect it. With more and more security you lose more and more flexibility and convenience; only you can decide where to draw that line. If you want a 99.999999999999999999% totally secure system, unplug your computer right now, put it in the most expensive vault you can find, seal that up in 100 tons of concrete and drop it into the ocean, and have submarines circle it shooting torpedoes at anything that so much as moves in its direction. This is pretty close to totally secure, but I would say not all that useful (or economical) ;-) If you want to make sure nobody ever gets your data or gets at your computer, 100% total secure, the only way is to destroy it. Also not that useful ;-)

For most people, shutting off all unneeded services, firewalling/wrapping the remaining ones, using strong passwords, using secure protocols over insecure ones (ssh instead of telnet etc.) and checking for security updates/patches and applying them as soon as they are found will provide enough security.

--
Ethan Benson
http://www.alaska.net/~erbenson/
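As an added example (not part of Ethan's reply, and not LIDS code), the following Python script takes the kernel-module point above one step further on the defender's side: it compares the modules a host reports as loaded against a known-good baseline, the same idea tripwire or AIDE apply to files, and checks whether further module loading has been locked. It assumes the `/proc/modules` line format of Linux 2.6 and later (`name size refcount deps state address`) and the `kernel.modules_disabled` sysctl (Linux 2.6.31 and later), neither of which is mentioned on the page; the sample `/proc/modules` text and the baseline set are constructed for the example.

```python
"""Compare the kernel modules a system reports against a known-good baseline.

Added example; assumes the /proc/modules line format used by Linux 2.6 and
later ("name size refcount deps state address") and the
kernel.modules_disabled sysctl (Linux 2.6.31+). The sample data below is
constructed, not captured from a real host.
"""
from dataclasses import dataclass, field
from pathlib import Path


@dataclass
class Module:
    name: str
    size: int
    refcount: int
    deps: list = field(default_factory=list)
    state: str = ""


def parse_proc_modules(text):
    """Parse /proc/modules text into Module records; malformed lines are skipped."""
    modules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        name, size, refcount, deps, state = parts[:5]
        # The deps field is "-" when empty, otherwise "a,b," with a trailing comma.
        dep_list = [] if deps == "-" else [d for d in deps.split(",") if d]
        modules.append(Module(name, int(size), int(refcount), dep_list, state))
    return modules


def audit_modules(proc_modules_text, baseline):
    """Return modules loaded but not in the baseline, and baseline modules not loaded."""
    loaded = {m.name for m in parse_proc_modules(proc_modules_text)}
    return {
        "unexpected": sorted(loaded - set(baseline)),
        "missing": sorted(set(baseline) - loaded),
    }


def module_loading_locked(sysctl_value):
    """True when kernel.modules_disabled reads 1: no further modules can be
    loaded until reboot, the runtime counterpart of building the kernel
    without module support."""
    return sysctl_value.strip() == "1"


# Constructed sample: three expected modules plus one that is not in the baseline.
SAMPLE_PROC_MODULES = """\
ext4 737280 2 - Live 0xffffffffc0a00000
nf_nat 49152 1 - Live 0xffffffffc0950000
nf_conntrack 172032 1 nf_nat, Live 0xffffffffc0900000
unexpected_mod 16384 0 - Live 0xffffffffc0b00000
"""
# Constructed baseline; a real one is recorded from the host when it is known clean.
BASELINE = {"ext4", "nf_nat", "nf_conntrack", "ipv6"}


def audit_live_system(baseline=BASELINE):
    """Run the audit against the real /proc/modules and sysctl on a Linux host."""
    text = Path("/proc/modules").read_text()
    locked_path = Path("/proc/sys/kernel/modules_disabled")
    locked = module_loading_locked(locked_path.read_text()) if locked_path.exists() else False
    return audit_modules(text, baseline), locked


if __name__ == "__main__":
    result = audit_modules(SAMPLE_PROC_MODULES, BASELINE)
    print("unexpected modules:", result["unexpected"])
    print("baseline modules not loaded:", result["missing"])
    print("module loading locked:", module_loading_locked("1"))
```

The check inherits the limitation the reply itself describes: a module written to hide itself will not appear in `/proc/modules`, so a clean comparison is evidence, not proof. That is why the stronger control is the one Ethan names, building the kernel without module support, with `modules_disabled=1` set early in boot as the runtime equivalent where modules are still needed at startup.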