Big security flaw with custom user and noautologin

[baz]

If you specify a custom user and noautologin in the bootcodes (already having set the passwords and all) you can simply bypass it all by providing the user "tc" with no password to get into the system.

Please let me know if I should not report problems or issues regarding custom users since bmarkus let me know in another thread that focus on this is being delayed to a later date.

Baz

[gerald_clark]

Did you also set a password for tc?

[baz]

No, went directly to custom user. That would very likely work but should be documented I guess

[baz]

Another issue actually - and perhaps I am misunderstanding how this is supposed to work - if I am using the default user "TC" (on a fresh install without ever having specified a custom user) and I want to specify noautologin - I first have to temporarily provide the bootcode "secure" to set the passwords. Once those are set, I remove the "secure" bootcode, and provide /etc/shadow to .filetool.lst, is this correct?

The problem is if I do that, and reboot, TC does not require a password, but if I keep the "secure" bootcode I am asked to redo my passwords at every boot.

Thoughts?

[danielibarnes]

Are you certain the backup containing your custom etc/shadow was restored?

I agree that if you specify a custom user the tc user should not even be present, but that likely involves a lot of changes and testing so I figure it will be investigated after 2.9 is released.

[baz]

No not certain at all, how can I check?

[danielibarnes]

No not certain at all, how can I check?

Use the "pause" boot parameter to look for a "backup restored" message. Also, compare the contents of /etc/shadow with the default and what is in your mydata.tgz.

[baz]

Oh man, I am such an idiot. This is my first time using MicroCore and I am so used to associating backing up with rebooting in TinyCore that I never ran: filetool.sh backup

Embarrassing.

Thanks!

By the way, do you have to do chpasswd at some point too, or noautologin/secure are all that's needed?

[danielibarnes]

once you save the password in /etc/shadow you only need the noautologin boot parameter.

[baz]

so I never needed to chpasswd, not even once?

[danielibarnes]

Not if you already set the passwords with "secure." If you examine /etc/init.d/tc-config you will see that it uses chpasswd to set the passwords. There are three different ways to set passwords:
1) Boot with the "secure" boot parameter,
2) Use chpasswd, or
3) Use passwd.

[baz]

awesome possum - can we rename "secure" to "setpassword"

[moB]

once you save the password in /etc/shadow you only need the noautologin boot parameter.

Suppose one could still boot to CMD only (noX) edit shadow so passwords are blank ("root::...") done this before when passwords were lost (old OS hadn't been in use, but I needed to access some files...)

Often setting bootcode "linux single" results in root login without need to edit shadow; this has worked before, too. Is it prevented in TC?

Keep access to your (physical box) system secure and you will be secure.
Paswords are only a slight deterence to intrusion. Even windoze can be accessed by simple methods.
Check out RecoveryCD (gentoo-based.)

b.

"Ships are safe in harbor, but were never meant to stay there."

[curaga]

There are no runlevels in TC, so the single code wouldn't do anything.

[moB]

Also, my comments about security weakness do not apply to encrypted backups. So for those needing more security the "protect" boot option seems best.

It still wouldn't protect those files in persistent mode, of course. So adjust settings to suit your requirements.

b

"and yet so mystical and well nigh ineffable was it, that I almost despair of putting it in a comprehensible form."
The Whale