PAM conf files are insecure! [closed]

PAM configuration files located in /etc/pam.d/ are vulnerable to physical attack. That is, they can be modified from an external system (a bootable USB, or taking the drive to another machine).
Other than encrypting the whole drive, is there another way to protect these PAM config files?
security authentication pam
closed as too broad by Rui F Ribeiro, Jeff Schaller, icarus, Anthony Geoghegan, A.B Dec 26 '18 at 13:34
Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
3
Don't let people have physical access to your machine.
– Michael Homer
Dec 25 '18 at 7:59
That's not helpful.
– Steel-Columbia
Dec 25 '18 at 23:59
2
It is the only solution that satisfies your criteria, so it’s maximally helpful.
– Michael Homer
Dec 26 '18 at 0:09
1
Great! You're allowed to answer your own questions, so feel free to post one with your other solution(s) below.
– Michael Homer
Dec 27 '18 at 3:35
1
The 10 Immutable Laws of Computer Security. See also What can a hacker do when he has physical access to a system?
– G-Man
Dec 27 '18 at 10:34
edited Dec 27 '18 at 3:32
asked Dec 25 '18 at 5:58
Steel-Columbia
1 Answer
Physical access is root access. If you're able to change any part of the boot process, you're able to compromise the system.
It always depends on your attack scenario. If you believe that an attacker can change the PAM configuration, full-disk encryption (FDE) can protect you against that. If you believe that the attacker replaces your FDE password prompt by some other tool to siphon your password, well, a locked-down trusted boot chain is fine (see LinuxBoot, HEADS), but you're probably dealing with TPM at that point. HEADS makes this really secure, but it's not completely production ready as far as I know.
However, those are all software mitigations. A hardware key logger placed between your keyboard and mainboard can again just send your input to an adversary. If they know at least some of your system (e.g. distribution or WM), they can also just replay a keyboard macro to send the data whenever there has been an input pause for some time. Or they just copy your complete hard drive beforehand and use the recorded input to decrypt their copy. Unless TPM or another enclave is used, it's almost impossible to prevent this kind of attack.
Therefore, let me repeat the first statement again: physical access is root access. If you want to slow a wannabe attacker down, then at least secure GRUB and your boot settings (e.g. any UEFI and/or boot order changes need a password), always boot from a specific hard drive, and use FDE. But keep in mind that all those actions make troubleshooting and support harder, just like reinforced doors and extra secure locks make it harder for a locksmith if you ever lose your keys.
But remember, it depends on your attack scenario. If I just want to deal some damage, I drop a bucket of water on your notebook.
To get back to your question: any means to protect the configuration files would be stored again somewhere. When someone modifies the files, they can just go ahead and change that meta file too. It's files all the way down.
1
I've encrypted the files. Thank you for your time and thoughts. As to physical access = root access, is there some bit of history from which that statement comes? On the surface it doesn't seem to be true. If the drives are encrypted, physical access does not equal access to the files, and without full access that does not equal root.
– Steel-Columbia
Dec 25 '18 at 23:55
1
Don't take "root" as the literal *nix user in this case, but instead as "a way to get complete access to the system or data, either now or later". "It is a common saying in security", as compromised systems can do anything. Remember the key logger scenario: one installs the key logger, lets you use the PC for a while, and then comes back to use the logged keystrokes to log in to your PC. Sure, the first physical access didn't breach any data, but the second one gained all of it, including complete control.
– Zeta
Dec 26 '18 at 8:42
1
I should probably mention that every operating system is prone to those attacks. A USB key/message logger doesn't care about your operating system. A well-placed camera that can record your hands on the keyboard doesn't either, and the latter doesn't even need any change to your PC. A fingerprint scanner can sometimes even be cheated by a fingerprint that was saved with tape. Multi-factor authentication can make this harder, but that's not supported by all systems. Therefore, ask yourself: who are your attackers? FDE is probably more than enough.
– Zeta
Dec 26 '18 at 8:48
edited Dec 25 '18 at 9:26
answered Dec 25 '18 at 9:07
Zeta
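The answer's closing point ("any means to protect the configuration files would be stored again somewhere") can be shown with a small integrity check. This is an added example, not part of the original answer: it compares a hash manifest kept on the same disk with an HMAC tag whose key is held off the disk. The directory contents, file names and the in-memory key standing in for a TPM-sealed or remotely held key are all constructed assumptions.

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def file_digests(root: Path) -> bytes:
    """Canonical JSON of {relative path: SHA-256} for every file under root."""
    digests = {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }
    return json.dumps(digests, sort_keys=True).encode()


def write_plain_manifest(root: Path, manifest: Path) -> None:
    """Unkeyed baseline: anyone who can write the disk can regenerate it."""
    manifest.write_bytes(file_digests(root))


def plain_manifest_ok(root: Path, manifest: Path) -> bool:
    return manifest.read_bytes() == file_digests(root)


def keyed_tag(root: Path, key: bytes) -> str:
    """HMAC over the digests; only a holder of the key can produce a valid tag."""
    return hmac.new(key, file_digests(root), hashlib.sha256).hexdigest()


def keyed_tag_ok(root: Path, key: bytes, tag: str) -> bool:
    return hmac.compare_digest(keyed_tag(root, key), tag)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for /etc/pam.d (sample contents, not a real config).
        root = Path(tmp) / "pam.d"
        root.mkdir()
        (root / "login").write_text("auth required pam_unix.so\n")
        (root / "sshd").write_text("auth required pam_unix.so\n")

        manifest = Path(tmp) / "pam.d.manifest"   # lives on the same disk
        write_plain_manifest(root, manifest)
        key = os.urandom(32)                      # assumption: kept off the disk
        tag = keyed_tag(root, key)                # the tag itself may sit on disk
        keyed_ok_untouched = keyed_tag_ok(root, key, tag)

        # Offline edit from another system, followed by a manifest refresh.
        with (root / "sshd").open("a") as fh:
            fh.write("# edited offline (constructed change)\n")
        plain_before_refresh = not plain_manifest_ok(root, manifest)
        write_plain_manifest(root, manifest)

        return {
            "keyed_ok_when_untouched": keyed_ok_untouched,
            "plain_detects_before_refresh": plain_before_refresh,
            "plain_detects_after_refresh": not plain_manifest_ok(root, manifest),
            "keyed_detects_after_refresh": not keyed_tag_ok(root, key, tag),
        }


if __name__ == "__main__":
    print(demo())
```

The keyed check only helps if the code performing it is itself trusted, which is what the locked-down boot chain and TPM mentioned in the answer are for.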