[SOLVED] If passwords are disabled, can my TC box get hacked into?

[Ulysses_]

This TC box only has iptables installed but in the default unconfigured state with the firewall fully open and passwords disabled for root and tc.  Let's say the baddies have control of a machine physically connected to this TC box.

Does the lack of passwords and the fully open firewall mean that this TC box can be hacked into?

[Rich]

Hi Ulysses_
If you don't have any programs running that are listening to the network, then no. If you have a
program running that offers network access to a console, then yes. If you are sharing directories
through the network, then maybe. In the case of simple sharing (no passwords) you can make it
harder to cause serious damage by using a dedicated directory for share use only with no execute
permissions. I believe you can  chroot  that directory to make gaining access to the rest of the
system even harder.

[Ulysses_]

Thanks.  If there are exploits for TCB, ie mistakes in TCB code that malicious types can utilize, does it make any difference if the password is null? 

No other software running apart from iptables in its default state of no rules.

[Rich]

Hi Ulysses_
Hypothetically: If someone managed to gain access as user X, they would be limited by whatever
rights user X has. If you have  sudo  on the system and user X has  sudo  rights, then I don't think
even a root password will stop them from doing whatever they want. In this scenario, removing
sudo  and setting the root password would provide an added level of security.

Having said that, for any of that to happen, both machines have to agree to establish a connection.
So if you don't have any programs listening to the network, your machine will not accept any
connection requests, regardless of  iptables. To be clear, programs that listen include browsers,
openSSH, file sharing programs, and nc (netcat) among others.

In order for someone to compromise your machine, they need to be able to make changes to it.
Examples include modifying  /etc/inittab  to make a console available through the network using netcat,
and a cron job that periodically establishes a brief connection with a remote machine and closes it
when it's done to avoid detection. Of course for an exploit to remain persistent, one needs to take
into account TCs backup scheme.

So far all you've described is a machine that boots, is unused, and runs nothing. Perhaps if you give
a little more information about what you wish to do, someone can provide some insight to address
your concerns.

[Ulysses_]

Just trying to find out about the TC base first, whether the lack of a password has any security implications.  Various ideas cross my mind at times, of things to do with TC, especially in vmware VMs.  Eg one idea is is connection teaming of various anonymity providers to get high bandwidth anonymity.  Another is to use gateways to block untrusted anonymity software (a Chinese one is accused of having been observed doing nasty things to US government sites) but still use its anonymity feature. Maybe when some of these get closer to implementation the security implications of the passwords can be looked at closer.