dd+user=trouble
For some reason, I just realized something ODD.

As I see it, it's a major security risk, unless you use disk encryption or disable this little thing...

It occurred to me that a regular user can use dd. This can be done physically or remotely, if the user has an account or can log on with ssh.

By default FreeBSD allows any user to use dd. A user can copy the disk and save it to a custom medium/net or whatever... Later he can go home and, using his own version of FreeBSD, mount the image... and now as root. He will have access to everything... Therefore if / is unencrypted, he can try to brute-guess passwords...

The solution is simple:
a) Only allow dd to root/wheel
b) encrypt everything
c) make sure the user can't access /dev

OK, someone might know this, but for me [I use FreeBSD at home], this was a shock... Anyone got comments?

P.S. and I was following http://www.bsdguides.org/guides/free...ity/harden.php to harden my system

EDIT: I didn't do much testing, it's late, I will do more tomorrow... just realized that I'm not sure if an ordinary user can read /dev/... worked for me, because I'm wheel. And sorry if this is just a false alarm.

EDIT2: couldn't sleep... it's all good, /dev/... can't be read by a user... Admin, please delete this, I can't.

Last edited by graudeejs; 25th September 2008 at 10:39 PM. Reason: My fault, /dev/ad, can't be read by user
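Added example, not part of the original post: a POSIX shell check of who can read a given device node, which is the condition the post's conclusion depends on (dd can only copy what the calling user can open). The function names `classify` and `audit` are hypothetical, and the paths to check are whatever disk nodes exist on the reader's system.

```sh
#!/bin/sh
# Report read access on device nodes (or any paths) beyond the owner.
# Example call (device name is an assumption): sh audit.sh /dev/ad0

# classify PATH
# Prints WORLD-READABLE, GROUP-READABLE:<group>, OWNER-ONLY or MISSING.
# Uses the mode string from `ls -ld`, which has the same layout on BSD and Linux.
classify() {
    info=$(ls -ld "$1" 2>/dev/null | awk '{print $1, $4}') || true
    if [ -z "$info" ]; then
        echo "MISSING"
        return 0
    fi
    mode=${info%% *}      # e.g. crw-r-----
    group=${info##* }     # group that owns the node
    group_r=$(printf '%s' "$mode" | cut -c5)   # group read bit
    other_r=$(printf '%s' "$mode" | cut -c8)   # other read bit
    if [ "$other_r" = "r" ]; then
        echo "WORLD-READABLE"
    elif [ "$group_r" = "r" ]; then
        echo "GROUP-READABLE:$group"
    else
        echo "OWNER-ONLY"
    fi
}

# audit PATH...
# Prints one line per path; returns 1 if any path is readable by every user.
audit() {
    rc=0
    for p in "$@"; do
        verdict=$(classify "$p")
        printf '%s\t%s\n' "$p" "$verdict"
        if [ "$verdict" = "WORLD-READABLE" ]; then
            rc=1
        fi
    done
    return $rc
}

# Run the audit only when paths were given on the command line.
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

For a GROUP-READABLE result, the members of the reported group are the accounts that can read the raw device, so that group's membership is the thing to review.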