Den tis 1 aug. 2023 kl 22:48 skrev Steffen Nurpmeso <steffen(a)sdaoden.eu>:
Niklas Karlsson wrote in
|
|To be fair, local root exploits are a bit of a different animal from
|remote ones. Even now, if you have physical access to your average *nix
|box, you can likely gain root. Sure, there are ways and means of
I find this a provocative statement even in the silly saison.
I would assume that despite EFI firmware snooping key presses when
entering the disk key on cold boot, or other sort of nifty spying
(the famous USB sticks that "turn into keyboards and send key
presses" (as root?) cross my mind), i would think that you have
a hard time as a normal user to become root. On this box; even
though you are not further separated via "ip netns exec .. unshare
.." etc.; some SETUID programs exist
[...]
I'm sorry, I'm having trouble parsing what you're saying here, other than
that a physically present user would have difficulty becoming root. But
yes, obviously an encrypted disk would present a major obstacle.
|preventing that, but IME it's really only people doing really secret
|spook stuff that bother with those. Even engineering outfits with big
|secrets to protect usually don't bother.
|
|What you did with that RS/6000 sounds roughly equivalent to booting a
|modern Linux box in single-user mode, where you can also set the root
|password to anything you like.
Not here.
Very well, then your installation is a lot more ambitious than most I've
come across.
Niklas