Stop Microsoft
Topic started by: Stryker on 25 June 2003, 03:12
-
I was wondering if it would be at all possible to have a login required before loading the drivers. With a few exceptions of course. I'd make the passwd and shadow files on their own small partition with a very strange filesystem, like hpfs or something I'd never use. Have the kernel load that, then ask for a login. If authenticated then go on to load the rest of the drivers (ext3, scsi, network cards...). This I think might significantly increase security. Not that it is necessary of course. I've also been playing with the idea of securing the boot loader somehow.
Any ideas of how to implement this?
-
LILO can support password locking of OS entries.
To really be effective, of course, the BIOS must be set to boot from HD only. This also, of course, necessitates password locking of the BIOS.
Of course, there is no possible way to be 100% secure if someone has physical access to the machine.
I assume GRUB has similar properties but this is just a guess.
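
A sketch of the LILO password locking mentioned in this reply, as an added example that is not part of the original thread. The device names, kernel path, labels and password are placeholders; `password`, `restricted` and `mandatory` are standard lilo.conf options.

```conf
# /etc/lilo.conf -- constructed example; devices, paths and password are placeholders
boot=/dev/hda
prompt
timeout=50
default=linux

# Global password: applies to every image below unless an image overrides it.
password=CHANGE-ME-placeholder
# restricted: the default entry boots without a password, but LILO asks for it
# as soon as anyone types extra kernel parameters at the boot prompt.
restricted

image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only

image=/boot/vmlinuz
    label=rescue
    root=/dev/hda1
    read-only
    # mandatory: this entry will not boot at all without the password.
    mandatory
```

The password sits in this file in clear text, so /etc/lilo.conf should be owned by root with mode 600, and /sbin/lilo has to be re-run after editing for the change to take effect.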
-
Yeah, but I want to have it take advantage of the Linux passwd and shadow files, that's why I was thinking I'd likely have to mount that partition (the small partition that would hold only those files), then afterwards go on to other drivers. I'm just not sure how to go about it. The only real way I see it being possible is getting into the kernel's source and making quite a massive edit to it.
-
What's the point, since shadow isn't readable by non-root users anyway?
-
How about writing/modifying a password authentication program and then putting a call to it in /etc/inittab before the module loading line?