Author Topic: new security idea/question  (Read 902 times)

Stryker

  • VIP
  • Member
  • ***
  • Posts: 1,258
  • Kudos: 41
new security idea/question
« on: 25 June 2003, 03:12 »
I was wondering if it would be at all possible to have a login required before loading the drivers. With a few exceptions of course. I'd make the passwd and shadow files on it's own small partition with a very strange filesystem, like hpfs or something i'd never use. Have the kernel load that, then ask for a login. If authenticated then go on to load the rest of the drivers (ext3, scsi, network cards...). This I think might significantly increase security. Not that it is necessary of course. I've also been playing with the idea of securing the boot loader somehow.

Any ideas of how to implement this?

mobrien_12

  • VIP
  • Member
  • ***
  • Posts: 2,138
  • Kudos: 711
    • http://www.geocities.com/mobrien_12
new security idea/question
« Reply #1 on: 26 June 2003, 01:14 »
quote:
Originally posted by Stryker:
I was wondering if it would be at all possible to have a login required before loading the drivers. With a few exceptions of course. I'd make the passwd and shadow files on it's own small partition with a very strange filesystem, like hpfs or something i'd never use. Have the kernel load that, then ask for a login. If authenticated then go on to load the rest of the drivers (ext3, scsi, network cards...). This I think might significantly increase security. Not that it is necessary of course. I've also been playing with the idea of securing the boot loader somehow.

Any ideas of how to implement this?




LILO can support password locking of OS entries.
To really be effective, of course, the BIOS must be set to boot from HD only.  This also, of course, necessitates password locking of the BIOS.  

Of course, there is no possible way to be 100% secure if someone has physical access to the machine.  

I assume GRUB has similar properties but this is just a guess.
In brightest day, in darkest night, no evil shall escape my sight....

Stryker

  • VIP
  • Member
  • ***
  • Posts: 1,258
  • Kudos: 41
new security idea/question
« Reply #2 on: 26 June 2003, 02:13 »
yeah but I want to have it take advantage of the linux passwd and shadow files, that's why I was thinking i'd likely have to mount that partition (the small partition that would hold only those files), then afterwards go on to other drivers. I'm just not sure how to go about it. The only real way I see if being possible is getting into the kernel's source and making quite a massive edit to it.

flap

  • Member
  • **
  • Posts: 1,268
  • Kudos: 137
new security idea/question
« Reply #3 on: 26 June 2003, 14:40 »
What's the point, since shadow isn't readable by non-root users anyway?
"While envisaging the destruction of imperialism, it is necessary to identify its head, which is none other than the United States of America." - Ernesto Che Guevara

http://counterpunch.org
http://globalresearch.ca


mobrien_12

  • VIP
  • Member
  • ***
  • Posts: 2,138
  • Kudos: 711
    • http://www.geocities.com/mobrien_12
new security idea/question
« Reply #4 on: 26 June 2003, 21:39 »
How about writing/modifying a password authentication program and then putting a call to it in /etc/inittab before the module loading line?
In brightest day, in darkest night, no evil shall escape my sight....