[SOLVED] Is Linux security this weak?

[jheel]

hello,
i have openSUSE 11.1 installed for about 3 or 4 months, used openSUSE 10.3 before i installed the newer version. I dual-boot with Vista. I have a friend who works in a Dell call center (technical support). The other day, he saw Linux on my system and said its a good alternative to windows (minus gaming) however, by default, was easier to crack. I thought i knew for sure that he was wrong, i protested and he said he can prove it. So this is what he did. He restarted openSUSE, on the "select operating system to start" menu, he selected openSUSE and chose the option to add extra boot parameters. Added something, Pressed enter, and logged in as the root user in a black screen (terminal like). He could 'cd' all thru my ex2 filesystem, and 'more' any file in the tree. he even did a ' cat >> newfile.txt" in '/' and didn't get a single access denied error. He said the only way to prevent this is to put a password for GRUB. Maybe it's difficult to believe for the readers, but i saw this happen before my very eyes. I'm now concerned about my personal files. He bagged read access to my NTFS partitions as well, and this is bad..
My questions:-
1> Does anybody know how he did this?
2> Is there a way to prevent this?
3> How do I put a password for GRUB?

Thanks in advance

[44139]

the problem with grub is that if you make an incorrect entry, it defaults to the editor mode, where you can do what you like, including view all the login options. Perhaps lilo is safer?

[coopstah13]

if someone has physical access to a machine, there is more than one way to access it, its not just linux, you could use a linux livecd to get into the files of any system you wanted if you have physical access even windows

[jheel]

you could use a linux livecd to get into the files of any system you wanted if you have physical access even windows

hello,
Thanks for the reply
i doubt he could do that without a chassis tear-down. I have my first hard drive set as the first boot device in the BIOS and have it locked with a password. And i doubt a boot parameters editor is that easily available on the windows boot menu. Anyway, i cannot afford to uninstall linux, its my main OS now. So then, shall i try to install lilo?

[reed9]

You can enter single user mode just as easily with LILO as with GRUB. That's not the issue.

And i doubt a boot parameters editor is that easily available on the windows boot menu.

Windows gives you free reign to the system anyways, for the most part, so it's rather a moot point.

You can password protect GRUB.
How To Password Protect GRUB Entries (Linux)

You can also require a password for the single user recovery mode.
How to password protect the single user mode in Linux Tux Training

If you're unable to lock your BIOS, it won't matter, as, again, anyone with a live CD can get in. In which case, you can also encrypt your partitions.

[MikeTbob]

hello,
Thanks for the reply
i doubt he could do that without a chassis tear-down. I have my first hard drive set as the first boot device in the BIOS and have it locked with a password. And i doubt a boot parameters editor is that easily available on the windows boot menu. Anyway, i cannot afford to uninstall linux, its my main OS now. So then, shall i try to install lilo?

Do you have data on your machine that is for your eyes only? Then yes, you might need to use a GRUB password, BIOS password and so on, if your data is that important, you might also consider disk or file encryption. Your system is only as secure as you make it. Leaving the installer CD/DVD's next to the machine is a no-no just like writing down the root password. The recovery mode drops you right down to a root shell. As stated above, physical access to a machine is very hard to protect against. I don't keep my data anywhere near a computer if it's that important, I'll stick it on a Camera SD drive and toss it in the bottom of my junk pile if I want to protect it.
Here is a link that explains how to set GRUB passwords.
HOWTO: Password protect your GRUB entries - Ubuntu Forums

[coopstah13]

A description of the Safe Mode Boot options in Windows XP

you just need to hit f8 right before windows loads (space I think in vista) you can boot into command prompt and get to things.

[jheel]

Windows gives you free reign to the system anyways, for the most part, so it's rather a moot point.

You can password protect GRUB.
How To Password Protect GRUB Entries (Linux)

You can also require a password for the single user recovery mode.
How to password protect the single user mode in Linux Tux Training

If you're unable to lock your BIOS, it won't matter, as, again, anyone with a live CD can get in. In which case, you can also encrypt your partitions.

hello
thanks for the reply.
"Windows gives free reign" - not true. If you set it up right, and use a non admin account for daily activities, it doesn't give free reign. NTFS allows for security rights, and they are easier to define in windows than in linux- for me, you might find linux easier but anyway, NTFS allows security rights and encryption.

"If you're unable to lock your BIOS..."
i already have my BIOS locked

Thanks for the links, i'd put a password for GRUB

[jheel]

Do you have data on your machine that is for your eyes only? Then yes, you might need to use a GRUB password, BIOS password and so on, if your data is that important, you might also consider disk or file encryption. Your system is only as secure as you make it. Leaving the installer CD/DVD's next to the machine is a no-no just like writing down the root password. The recovery mode drops you right down to a root shell. As stated above, physical access to a machine is very hard to protect against. I don't keep my data anywhere near a computer if it's that important, I'll stick it on a Camera SD drive and toss it in the bottom of my junk pile if I want to protect it.
Here is a link that explains how to set GRUB passwords.
HOWTO: Password protect your GRUB entries - Ubuntu Forums

Thanks mate I'd put a password for GRUB. Yes i do have stuff which are for my eyes only. I consider my girlfren's snaps to be one of those.

[jheel]

A description of the Safe Mode Boot options in Windows XP

you just need to hit f8 right before windows loads (space I think in vista) you can boot into command prompt and get to things.

Yo, like i said, i dual boot with Vista
It's not "space", it's still the classic F8 for safe mode in Vista as well.
And by default, Vista won't allow a user to log in to safe mode without the password- it would come up with a list of configured administrator accounts, once you click on one of those-it'd ask for the password before letting you in.