For some reason, i just realized something ODD.
As i see it's major security risk, unless you use disk encryption, or disable this little thing...
It occurred to me, that regular user can use dd. This can be done physically/remotely if user has accoun/or can log on with ssh
By default FreeBSD allows any user to use dd.
User can copy disk, and save it to custom medium/net or whatever....
Later he can go home, and using his own version of FreeBSD mount image.... and now as root.
He will have access to everything..... therefore if / is unencrypted, he can try to brute gess passwords.....
Solution is simple:
a) Only allow dd to root/wheel
b) encrypt everything
c) make sure user can't access /dev
OK, someone might know this, but for me [i use freebsd at home], this was shock....
Anyone got comments?
P.S. and i was fallowing
to harden my system
EDIT: i didn't do much testing, it's late, i will do more tomorrow....
just realized, that i'm not sure if ordinary user can read /dev/....
worked for me, cause i'm wheel
And sorry if this is just false alarm
EDIT2: coundn't sleep.... it's all good, /dev/... can't be read by user....
Admin, plz delete this, i can't
Last edited by graudeejs; 25th September 2008 at 10:39 PM. Reason: My fault, /dev/ad, can't be read by user
|Thread||Thread Starter||Forum||Replies||Last Post|
|trouble with binat routing||SystemDog||OpenBSD General||3||21st December 2009 04:01 PM|
|LCD Backlight Trouble||zer0x||OpenBSD General||3||24th July 2009 08:22 AM|
|Trouble with ZFS switch||dewarrn1||FreeBSD General||2||11th September 2008 11:58 PM|
|Trouble with ftp with pf enabled||kasse||FreeBSD General||8||24th August 2008 11:25 PM|
|Firewire trouble - Please help!||cssgalactic||FreeBSD General||13||25th June 2008 08:24 PM|