DaemonForums: FreeBSD Security (Securing FreeBSD)
#1
25th September 2008
graudeejs (Real Name: Aldis Berjoza)

dd+user=trouble

For some reason, I just realized something ODD.
As I see it, it's a major security risk, unless you use disk encryption or disable this little thing...

It occurred to me that a regular user can use dd. This can be done physically/remotely if the user has an account or can log on with ssh.

By default FreeBSD allows any user to use dd.
A user can copy the disk and save it to a custom medium/net or whatever....
Later he can go home and, using his own version of FreeBSD, mount the image.... and now as root.
He will have access to everything..... therefore if / is unencrypted, he can try to brute-guess passwords.....

Solution is simple:
a) Only allow dd to root/wheel
b) encrypt everything
c) make sure user can't access /dev



OK, someone might know this, but for me [I use FreeBSD at home] this was a shock....

Anyone got comments?


P.S. and I was following
http://www.bsdguides.org/guides/free...ity/harden.php
to harden my system



EDIT: I didn't do much testing, it's late, I will do more tomorrow....
I just realized that I'm not sure if an ordinary user can read /dev/....
It worked for me because I'm in wheel.
And sorry if this is just a false alarm.



EDIT2: couldn't sleep.... it's all good, /dev/... can't be read by a user....
Admin, please delete this, I can't.

Last edited by graudeejs; 25th September 2008 at 10:39 PM. Reason: My fault, /dev/ad can't be read by a user.
#2
25th September 2008
TerryP

An example from an OpenBSD 4.3 machine:

Code:
Terry@vectra-$ dd if=/dev/wd0d of=~/image bs=512
dd: /dev/wd0d: Permission denied
Terry@vectra-$
I would test on FreeBSD, but I'm not using that system atm.


Simple fact:

If they can gain access to the machine, they can probably steal your data -- who needs to use your system's dd, when they can use a live CD, an external USB drive, and go to town with their own tools. You should also always think twice about what you allow people without uid 0 (root) to read.
#3
25th September 2008
BSDfan666

You can't entirely prevent a user from accessing /dev, it's an integral part of a Unix-like system... the user's allocated pty/tty(4) device, for example.

Access to raw devices is restricted via permissions.. and of course the securelevel(7).

The text of the page differs between the BSD derivatives, but the gist of it is a securelevel >= 1 disallows write access to raw devices.. or at least mounted raw devices under OpenBSD.

Besides that, the default file permissions on such devices are set to decent values.. for example:
Code:
 $ ls -lh /dev/rwd0? 
crw-r-----  1 root  operator    3,   0 Aug  3 19:08 /dev/rwd0a
crw-r-----  1 root  operator    3,   1 Aug  3 19:08 /dev/rwd0b
crw-r-----  1 root  operator    3,   2 Aug  3 19:08 /dev/rwd0c
crw-r-----  1 root  operator    3,   3 Aug  3 19:08 /dev/rwd0d
crw-r-----  1 root  operator    3,   4 Aug  3 19:08 /dev/rwd0e
crw-r-----  1 root  operator    3,   5 Aug  3 19:08 /dev/rwd0f
crw-r-----  1 root  operator    3,   6 Aug  3 19:08 /dev/rwd0g
crw-r-----  1 root  operator    3,   7 Aug  7 21:24 /dev/rwd0h
crw-r-----  1 root  operator    3,   8 Aug  3 19:08 /dev/rwd0i
crw-r-----  1 root  operator    3,   9 Aug  3 19:08 /dev/rwd0j
crw-r-----  1 root  operator    3,  10 Aug  3 19:08 /dev/rwd0k
crw-r-----  1 root  operator    3,  11 Aug  3 19:08 /dev/rwd0l
crw-r-----  1 root  operator    3,  12 Aug  3 19:08 /dev/rwd0m
crw-r-----  1 root  operator    3,  13 Aug  3 19:08 /dev/rwd0n
crw-r-----  1 root  operator    3,  14 Aug  3 19:08 /dev/rwd0o
crw-r-----  1 root  operator    3,  15 Aug  3 19:08 /dev/rwd0p
This means only root has write access, members of the operator group have read access.. all other users are disallowed.

I'm sure FreeBSD has similar permission settings..
#4
26th September 2008
phoenix (Freddie)

By default, on FreeBSD, only root and users in the operator group can read raw disk devices (/dev/ad*, /dev/da*, etc). Hence "normal" users (those not in the operator group) cannot use dd to clone your hard drive.
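Following up on the permission and securelevel points made in posts #3 and #4, here is an added shell script that does the check this thread did by hand. It is not code from the thread, from FreeBSD or from OpenBSD. It parses the `ls -l` mode string of each disk device node to report whether owner, group or world can read it, tries to read one 512-byte block with dd as the invoking user, and prints kern.securelevel where that sysctl exists. The default device name patterns (/dev/ad*, /dev/ada*, /dev/da* for FreeBSD; /dev/wd*, /dev/sd* and the raw /dev/r* nodes for OpenBSD) are assumptions; pass your own nodes as arguments. Run it as the unprivileged account you are worried about, since root and operator group members are expected to succeed.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD/OpenBSD:
# audit which classes of user can read raw disk device nodes, and probe
# each node with dd as the invoking user. Run it as the unprivileged
# account you are worried about; root and operator members are expected
# to succeed. Device name patterns below are assumptions for FreeBSD
# (ad*, ada*, da*) and OpenBSD (wd*, sd*, and the raw r* nodes).

# read_access MODE
#   MODE is the symbolic mode string from `ls -l`, e.g. "crw-r-----".
#   Echoes the widest class with read permission: owner, group, world, none.
#   Character 2 is the owner r bit, 5 the group r bit, 8 the other r bit.
read_access() {
    m=$1
    o=$(printf '%s' "$m" | cut -c2)
    g=$(printf '%s' "$m" | cut -c5)
    w=$(printf '%s' "$m" | cut -c8)
    if [ "$w" = r ]; then echo world
    elif [ "$g" = r ]; then echo group
    elif [ "$o" = r ]; then echo owner
    else echo none
    fi
}

# probe_read DEV
#   Read a single 512-byte block with dd into /dev/null as the current user
#   (nothing is written to the device). Echoes readable, denied or missing.
probe_read() {
    d=$1
    if [ ! -e "$d" ]; then echo missing; return 0; fi
    if dd if="$d" of=/dev/null bs=512 count=1 2>/dev/null; then
        echo readable
    else
        echo denied
    fi
}

# securelevel
#   kern.securelevel on FreeBSD/OpenBSD; "n/a" where the sysctl is absent.
securelevel() {
    sysctl -n kern.securelevel 2>/dev/null || echo n/a
}

# audit_disk_devices DEV...
#   One line per existing node: mode, owner, group, read class, dd result.
#   Returns 1 if any node is world-readable, or if this non-root user
#   could read one (the situation the original poster feared).
audit_disk_devices() {
    rc=0
    for dev in "$@"; do
        [ -e "$dev" ] || continue
        info=$(ls -ld "$dev" | awk '{print $1, $3, $4}')
        mode=${info%% *}; rest=${info#* }
        owner=${rest%% *}; group=${rest#* }
        class=$(read_access "$mode")
        probe=$(probe_read "$dev")
        printf '%-14s %-11s %-9s %-9s %-6s %s\n' \
            "$dev" "$mode" "$owner" "$group" "$class" "$probe"
        if [ "$class" = world ]; then rc=1; fi
        if [ "$probe" = readable ] && [ "$(id -u)" -ne 0 ]; then rc=1; fi
    done
    return $rc
}

# Default node patterns (assumed); override by listing devices as arguments.
if [ $# -eq 0 ]; then
    set -- /dev/ad[0-9]* /dev/ada[0-9]* /dev/da[0-9]* \
           /dev/wd[0-9]* /dev/rwd[0-9]* /dev/sd[0-9]* /dev/rsd[0-9]*
fi

printf 'kern.securelevel=%s, running as uid %s\n' "$(securelevel)" "$(id -u)"
if audit_disk_devices "$@"; then
    echo "OK: no world-readable disk node, none readable by this non-root user"
else
    echo "WARNING: a disk node is world-readable or readable by this user"
fi
```

A healthy FreeBSD box run as a plain user should print every node as `group` (root:operator, mode crw-r-----) with a `denied` probe, matching the OpenBSD listing in post #3. If a node shows up as `world`, or the probe says `readable` for a user outside operator, the place to fix it on FreeBSD is the devfs configuration (/etc/devfs.conf and devfs.rules(5)), which is where devfs node ownership and modes are set; the securelevel line is informational, since as post #3 notes it only restricts writes to raw devices, not reads.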
#5
26th September 2008
graudeejs

Yeah, sorry, I was half asleep when this stupid idea came to my mind.

I feel noobish.