Total Security By Pass

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read this

Total Security By Pass

Postby spacegoat on Fri Mar 04, 2011 7:59 am

Hello,

My daughter who I locked out of Deb Mint by changing her password worked out a way to get back in and run any arbitrary program and access any user data!!!

At the login screen perform CTRL-ALT-DEL
The system Monitor pops up.
Double click on any disk and you will be able to browse, read and execute anything.

The solution I used was to chmod o-x and chmod g-x on the system monitor.

I do not know if this affects other Mint, Debian or Ubuntu versions.
spacegoat
Level 1
Level 1
 
Posts: 2
Joined: Fri Mar 04, 2011 7:50 am

Linux Mint is funded by ads and donations.
 

Re: Total Security By Pass

Postby viking777 on Fri Mar 04, 2011 8:23 am

That sounds dramatic, but it is a simple fact that if you have physical access to a machine you can do anything with it. Boot from a live cd, reset the password to one of your own choosing and you have the ability to access and change anything you like.

The moral is don't leave your laptop on the bus :lol:

PS. I am not sure if that applies to a grub password or not, but it probably does - I am sure someone will tell me. Encrypted file systems are probably another answer.
Fujitsu Lifebook AH532. Intel i5 processor, 6Gb ram, Intel HD3000 graphics, Intel Audio/wifi. Realtek RTL8111/8168B Ethernet.Lubuntu 13.10,Ubuntu12.10 (Unity), Mint16 (Cinnamon), Manjaro (Xfce).
Image
User avatar
viking777
Level 14
Level 14
 
Posts: 5153
Joined: Mon Dec 01, 2008 11:21 am

Re: Total Security By Pass

Postby zerozero on Fri Mar 04, 2011 8:30 am

Just for the record that seems to be a gdm-specific problem. I just tried now in KDE and the behaviour is totally different: a window pops up with shut down and restart options.
zerozero
Level 16
Level 16
 
Posts: 6471
Joined: Tue Jul 07, 2009 2:29 pm

Re: Total Security By Pass

Postby viking777 on Fri Mar 04, 2011 9:08 am

The default in gnome is to map Ctl/Alt/Del to gnome-system-monitor. You can change it in gconf-editor under apps/metacity/keybinding_commands.
Fujitsu Lifebook AH532. Intel i5 processor, 6Gb ram, Intel HD3000 graphics, Intel Audio/wifi. Realtek RTL8111/8168B Ethernet.Lubuntu 13.10,Ubuntu12.10 (Unity), Mint16 (Cinnamon), Manjaro (Xfce).
Image
User avatar
viking777
Level 14
Level 14
 
Posts: 5153
Joined: Mon Dec 01, 2008 11:21 am

Re: Total Security By Pass

Postby spacegoat on Fri Mar 04, 2011 10:13 am

Thanks for the tips.

I believe this issue is dramatic.
The general PC community are not Boot CD knowledgeable. Businesses rely on logical security. They cannot physically protect every persons PC.
spacegoat
Level 1
Level 1
 
Posts: 2
Joined: Fri Mar 04, 2011 7:50 am

Re: Total Security By Pass

Postby monkeyboy on Fri Mar 04, 2011 2:07 pm

spacegoat wrote:Thanks for the tips.

I believe this issue is dramatic.
The general PC community are not Boot CD knowledgeable. Businesses rely on logical security. They cannot physically protect every persons PC.



Security responses need to be tailored to meet the needs and resources of the user. What I need as a home user is radically different from the needs and solutions required by a business network. Lets face it for many business users Mint is not the optimal choice. Relax and enjoy
If you don't like it, make something better
If you can't make something better, adapt
If you can't do either ball your panties up and cry.

Complaining is like masticating most anyone can do it.
However doing it in public is really hardcore.
User avatar
monkeyboy
Level 5
Level 5
 
Posts: 777
Joined: Mon Oct 13, 2008 11:30 am

Re: Total Security By Pass

Postby DrHu on Fri Mar 04, 2011 2:48 pm

spacegoat wrote:My daughter who I locked out of Deb Mint by changing her password worked out a way to get back in and run any arbitrary program and access any user data!!!

She could run user programs, but unless she knew the admin password, that is used by the first created user on a Ubuntu/Mint system (a slight limited root account), she would not be able to reset your desktop settings for example..

Secondly, the default permissions on user directories (folders) allow other users to see rectories and contents under /home
--you can prevent that by changing your permissions for group and others to no access, so she would then be unable to read or see your /home data

Also, you should remember to change your account password, since that is probably the user account you use to manage the system
Better pick a better password, my guess she saw you type it or otherwise knows it
--for example if you changed her password while she was watching you..
User avatar
DrHu
Level 16
Level 16
 
Posts: 6694
Joined: Wed Jun 17, 2009 8:20 pm

Re: Total Security By Pass

Postby malligt on Sat Mar 05, 2011 12:43 pm

Question for @viking777

The default in gnome is to map Ctl/Alt/Del to gnome-system-monitor. You can change it in gconf-editor under apps/metacity/keybinding_commands.


This has always frustrated me.

LMDE Main Menu has the keyboard shortcut for ctrl+alt+del as the log out short cut. But, if I'm understanding you correctly, you say ctrl+alt+del is the gnome default for system monitor?

With all due respect here, which is correct?
malligt
Level 4
Level 4
 
Posts: 253
Joined: Sat Sep 11, 2010 12:58 pm

Re: Total Security By Pass

Postby viking777 on Sat Mar 05, 2011 12:54 pm

LMDE Main Menu has the keyboard shortcut for ctrl+alt+del as the log out short cut


Not on my system. Ctl/Alt/Del gives me the system monitor. If yours is different I apologise, I only report what I see.
Fujitsu Lifebook AH532. Intel i5 processor, 6Gb ram, Intel HD3000 graphics, Intel Audio/wifi. Realtek RTL8111/8168B Ethernet.Lubuntu 13.10,Ubuntu12.10 (Unity), Mint16 (Cinnamon), Manjaro (Xfce).
Image
User avatar
viking777
Level 14
Level 14
 
Posts: 5153
Joined: Mon Dec 01, 2008 11:21 am

Re: Total Security By Pass

Postby malligt on Sat Mar 05, 2011 1:06 pm

Here it is, unchanged from the time I downloaded and installed it. LMDE 2011 respin 32 bit.
Attachments
Screenshot-Keyboard Shortcuts.png
Screenshot-Keyboard Shortcuts.png (40.41 KiB) Viewed 1095 times
malligt
Level 4
Level 4
 
Posts: 253
Joined: Sat Sep 11, 2010 12:58 pm

Re: Total Security By Pass

Postby viking777 on Sat Mar 05, 2011 1:20 pm

Yes, I have that as well, but now look in gconf-editor apps/metacity/keybinding_commands in conjunction with apps/metacity/global_keybindings and look for the same run_command number in both and you will see what the OS actually takes notice of.

Now I have to say that I believe Ctl/Alt/Del should be mapped to the Log out command, but it isn't, at least not on my version of LMDE, and I would hardly have changed it myself to something that I think is wrong, would I?
Fujitsu Lifebook AH532. Intel i5 processor, 6Gb ram, Intel HD3000 graphics, Intel Audio/wifi. Realtek RTL8111/8168B Ethernet.Lubuntu 13.10,Ubuntu12.10 (Unity), Mint16 (Cinnamon), Manjaro (Xfce).
Image
User avatar
viking777
Level 14
Level 14
 
Posts: 5153
Joined: Mon Dec 01, 2008 11:21 am

Re: Total Security By Pass

Postby malligt on Sat Mar 05, 2011 1:36 pm

You raise an interesting point.
Consider for a moment that a majority of persons encountering LMDE for the first time, would see it my way...that is to say that the command ctrl+alt+del wrongly shows system monitor.

Probably due to years of Windows XP/VISTA/7 usage.

BTW--I diligently tried to follow your instructions, got to gconif-editor...apps/metacity/keybinding settings/command # 9....and tried to edit it (rename) to gnome-log-off....and it failed. :(

So I'm still learning...
malligt
Level 4
Level 4
 
Posts: 253
Joined: Sat Sep 11, 2010 12:58 pm

Re: Total Security By Pass

Postby viking777 on Sat Mar 05, 2011 1:44 pm

malligt wrote:You raise an interesting point.
Consider for a moment that a majority of persons encountering LMDE for the first time, would see it my way...that is to say that the command ctrl+alt+del wrongly shows system monitor.

Probably due to years of Windows XP/VISTA/7 usage.

BTW--I diligently tried to follow your instructions, got to gconif-editor...apps/metacity/keybinding settings/command # 9....and tried to edit it (rename) to gnome-log-off....and it failed. :(

So I'm still learning...

Ah, well you are braver than me for even trying to remap it, I haven't :oops:

I believe the command you need is
Code: Select all
gnome-session-save --kill
but I haven't tested it so I could be wrong.
Fujitsu Lifebook AH532. Intel i5 processor, 6Gb ram, Intel HD3000 graphics, Intel Audio/wifi. Realtek RTL8111/8168B Ethernet.Lubuntu 13.10,Ubuntu12.10 (Unity), Mint16 (Cinnamon), Manjaro (Xfce).
Image
User avatar
viking777
Level 14
Level 14
 
Posts: 5153
Joined: Mon Dec 01, 2008 11:21 am

Linux Mint is funded by ads and donations.
 

Return to Newbie Questions

Who is online

Users browsing this forum: No registered users and 2 guests