Re: Gain root access on linux servers with physical access

From: Thor (Hammer of God) (thor@hammerofgod.com)
Date: Sun Dec 17 2006 - 14:54:16 EST


I would have to say that it is still "true enough." Almost all of the
corporate (and even some military) installations I've seen over the last too
many years offered the users (and even passers by) what all of us here would
call "full physical access." While taking the machine apart to grab the
drive would certainly draw attention, it's not like there was some physical
barrier between the user and the system assets to prevent that. Even my
work with the USAF designing the ground network for the C-17 project
afforded users physical access to the boxes. They couldn't get on the
aircraft, but they could easily own the boxes if they wanted to. Most
servers are physically isolated from normal users but those with access
still have "full physical access."

That's really how it is in the "real world." Basically, if you can boot off
of a CD or alternate boot device, you can own the box in a matter of minutes
without any physical alteration to the system. It's hard enough for IT to
limit corporate users to be non-admin, much less try to implement some sort
of limited "surface physical access" where users couldn't use a CD or reboot
the machine.

I understand your points, but in reality, if I have physical access to the
box, the game really is over.

t

On 12/16/06 6:01 PM, "Gadi Evron" <ge@linuxbox.org> spoketh to all:

> On Sat, 16 Dec 2006, Patrick wrote:
>> spammailme@gmail.com wrote:
>>> All -
>>>
>>> I was wondering ideas on how to gain control of linux boxes with physical
>>> access to them in the hosting facility.
>>>
>>> The owner has code on them yet never bothered monitoring or gaining root
>>> access and her developers are blackmailing her. She has access the the
>>> hosting facility and the servers and backup staff yet needs to regain
>>> control of the servers.
>>
>> If she has physical access, then she does not need anything else
>> (other than a competent Linux person).
>
> As a note... today statements such as (as I used to make as well) "once
> you have physical access, the game is lost" are no longer true.
>
> I divide them today by:
> 1. Limited-time physical access (implies #3 below).
> 2. Full physical access (take the machine apart).
>
> and, if you like;
> 3. Surface physical access (touch the machine, don't disturb it inside the
> box or power supply).
>
> The difference is between using a USB drive to attack the machine when you
> pass it by or clean the desk, to taking it apart and mounting the hard
> drive to on separate box.
>
> Using a boot disk is somewhere in the middle, which I consider #2 above
> due to power-off/boot.
>
> Gadi.
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016000000
> 08bOW
> ------------------------------------------------------------------------
>
>
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:28 EDT