Total Security By Pass

[spacegoat]

Hello,

My daughter who I locked out of Deb Mint by changing her password worked out a way to get back in and run any arbitrary program and access any user data!!!

At the login screen perform CTRL-ALT-DEL
The system Monitor pops up.
Double click on any disk and you will be able to browse, read and execute anything.

The solution I used was to chmod o-x and chmod g-x on the system monitor.

I do not know if this affects other Mint, Debian or Ubuntu versions.

[viking777]

That sounds dramatic, but it is a simple fact that if you have physical access to a machine you can do anything with it. Boot from a live cd, reset the password to one of your own choosing and you have the ability to access and change anything you like.

The moral is don't leave your laptop on the bus

PS. I am not sure if that applies to a grub password or not, but it probably does - I am sure someone will tell me. Encrypted file systems are probably another answer.

[zerozero]

Just for the record that seems to be a gdm-specific problem. I just tried now in KDE and the behaviour is totally different: a window pops up with shut down and restart options.

[viking777]

The default in gnome is to map Ctl/Alt/Del to gnome-system-monitor. You can change it in gconf-editor under apps/metacity/keybinding_commands.

[spacegoat]

Thanks for the tips.

I believe this issue is dramatic.
The general PC community are not Boot CD knowledgeable. Businesses rely on logical security. They cannot physically protect every persons PC.

[monkeyboy]

Thanks for the tips.

I believe this issue is dramatic.
The general PC community are not Boot CD knowledgeable. Businesses rely on logical security. They cannot physically protect every persons PC.

Security responses need to be tailored to meet the needs and resources of the user. What I need as a home user is radically different from the needs and solutions required by a business network. Lets face it for many business users Mint is not the optimal choice. Relax and enjoy

[DrHu]

My daughter who I locked out of Deb Mint by changing her password worked out a way to get back in and run any arbitrary program and access any user data!!!

She could run user programs, but unless she knew the admin password, that is used by the first created user on a Ubuntu/Mint system (a slight limited root account), she would not be able to reset your desktop settings for example..

Secondly, the default permissions on user directories (folders) allow other users to see rectories and contents under /home
--you can prevent that by changing your permissions for group and others to no access, so she would then be unable to read or see your /home data

Also, you should remember to change your account password, since that is probably the user account you use to manage the system
Better pick a better password, my guess she saw you type it or otherwise knows it
--for example if you changed her password while she was watching you..

[malligt]

Question for @viking777

The default in gnome is to map Ctl/Alt/Del to gnome-system-monitor. You can change it in gconf-editor under apps/metacity/keybinding_commands.

This has always frustrated me.

LMDE Main Menu has the keyboard shortcut for ctrl+alt+del as the log out short cut. But, if I'm understanding you correctly, you say ctrl+alt+del is the gnome default for system monitor?

With all due respect here, which is correct?

[viking777]

LMDE Main Menu has the keyboard shortcut for ctrl+alt+del as the log out short cut

Not on my system. Ctl/Alt/Del gives me the system monitor. If yours is different I apologise, I only report what I see.

[malligt]

Here it is, unchanged from the time I downloaded and installed it. LMDE 2011 respin 32 bit.

[viking777]

Yes, I have that as well, but now look in gconf-editor apps/metacity/keybinding_commands in conjunction with apps/metacity/global_keybindings and look for the same run_command number in both and you will see what the OS actually takes notice of.

Now I have to say that I believe Ctl/Alt/Del should be mapped to the Log out command, but it isn't, at least not on my version of LMDE, and I would hardly have changed it myself to something that I think is wrong, would I?

[malligt]

You raise an interesting point.
Consider for a moment that a majority of persons encountering LMDE for the first time, would see it my way...that is to say that the command ctrl+alt+del wrongly shows system monitor.

Probably due to years of Windows XP/VISTA/7 usage.

BTW--I diligently tried to follow your instructions, got to gconif-editor...apps/metacity/keybinding settings/command # 9....and tried to edit it (rename) to gnome-log-off....and it failed.

So I'm still learning...

[viking777]

You raise an interesting point.
Consider for a moment that a majority of persons encountering LMDE for the first time, would see it my way...that is to say that the command ctrl+alt+del wrongly shows system monitor.

Probably due to years of Windows XP/VISTA/7 usage.

BTW--I diligently tried to follow your instructions, got to gconif-editor...apps/metacity/keybinding settings/command # 9....and tried to edit it (rename) to gnome-log-off....and it failed.

So I'm still learning...

Ah, well you are braver than me for even trying to remap it, I haven't

I believe the command you need is

Code: Select all

gnome-session-save --kill

but I haven't tested it so I could be wrong.