boot - How is being able to break into any Linux machine through grub2 secure? - Ask Ubuntu


How is the ability of a person who has gained physical access to a computer to get root in any way secure? Steps:

  1. When the grub2 menu opens, press e to edit the Linux start options.
  2. Change:

    "linux   /vmlinuz-2.6.35-23-generic root=uuid=e7f1e48d-0015-485f-be7d-836217a31312 ro   quiet splash"  

    to:

    "linux   /vmlinuz-2.6.35-23-generic root=uuid=e7f1e48d-0015-485f-be7d-836217a31312 ro init=/bin/bash" 
  3. Now you have root access, do:

    mount -o remount,rw /
    passwd user
    mount -o remount,ro /
    sync
  4. Reboot the computer, and win.

My question is, how is being able to break into any Linux machine through grub2 secure? I don't understand this fact about Linux, thanks for any answers.

How is the ability of a person who has gained physical access to a computer to get root [using grub/bash] in any way secure?

Because if Linux decided to start doing that, hackers would just exploit other security holes. The first rule of security is that if I have physical access to your system, it's game over. I've won.

Plus, imagine your X server broke and you don't have a GUI anymore. You need to boot to a recovery console to fix things, but you can't, because that's insecure. In that case, you're left with a totally broken system, but hey, at least it's "secure!"

But Kaz, how is this possible? I set a password on my GRUB so it can't change my init to bash!

Oh, you did, did you? Interesting, because this looks like your photo album. GRUB doesn't have any inherent security factor at all. It's just a bootloader, not a step in a secure boot and authentication chain. The "password" you've set is, in fact, pretty darn easy to bypass.

That, and what sysadmin doesn't carry a boot drive on them for emergencies?

But how?! You don't know my password (which is totally not p@ssw0rd btw)

Yeah, but that doesn't stop me from opening your computer and pulling out your hard drive. From there, it's a couple of simple steps to mount your drive on my computer, giving me access to all of your system. This has the awesome benefit of bypassing your BIOS password. That, or I could have just reset your CMOS. Either/or.

So... how do I not let you get access to my data?

Simple. Keep your computer away from me. If I can touch it, access a keyboard, insert my own flash drives, or take it apart, I can win.

So, can I just put my computer in a datacenter or something? Those are pretty secure, right?

Yeah, they are. But, you're forgetting that humans are hackable too, and given enough time and preparation, I could probably get into that datacenter and siphon all of that sweet, sweet data off your computer. But I digress. We're dealing with real solutions here.

Okay, so you called my bluff. I can't put it in a datacenter. Can I just encrypt my home folder or something?

Sure, you can! It's your computer! Will it help stop me? Not in the slightest. I can just replace something important, like /usr/bin/firefox, with my own malicious program. The next time you open Firefox, all of your secret data gets siphoned off to some secret server somewhere secret. And you won't even know. Or, if I have frequent access to your machine, I can just set your home folder to be copied to /usr/share/nonsecrets/home/ or some similar (non-encrypted) location.

Okay, what about full disk encryption?

That's... actually pretty good. However, it's not perfect yet! I can always perform a cold boot attack using my trusty can of compressed air. Or, I can just plug a hardware keylogger into your computer. One's easier than the other, but the way really doesn't matter.

In the vast majority of cases, this is a good stopping place. Maybe pair it with a TPM (discussed below), and you're golden. Unless you've angered a three-letter agency or a very motivated hacker, nobody's going to go through the effort required to get past this stage.

Of course, I can still install some malware/backdoors on you by offering you a PPA or similar, but this gets into the very murky area of user trust.

So... how are iPhones so secure? Even with physical access, there's not much you can do.

Well, yes and no. I mean, if I was motivated enough, I could read the flash chip and get everything I need. But, iPhones are fundamentally different inasmuch as they're a locked down platform from the start. But, at the same time, you sacrifice usability and the ability to recover from catastrophic failures. GRUB (except when designed very specifically) is not meant to be a chain in the security system. In fact, most Linux systems have their security chains start post-boot, so after GRUB's finished doing its thing.

Plus, iPhones have cryptographic signature enforcement (also discussed below), which makes it very hard for malware to sneak onto your phone through legitimate pathways.

But what about TPM/SmartCards/[insert crypto tech here]?

Well, now you're pairing physical security into the equation, and it becomes more complicated still. But, this isn't a real solution because TPMs are relatively weak and all the encryption doesn't take place on-chip. If your TPM is (somehow) strong enough to do encryption on chip (some very fancy hard drives have this), the key won't ever be revealed and things like cold-boot attacks are impossible. However, the keys (or raw data) might still be present on the system bus, meaning they can be intercepted.

Even so, my hardware keylogger can still get your password, and I can easily load malware onto your machine a la the Firefox exploit mentioned earlier. All I need is for you to leave the house/computer for maybe an hour.

Now, if you take your TPM/smartcard/whatever with you, and all the encryption is done on the chip (meaning your key isn't stored in RAM at all), it's pretty practically impossible for me to get in at all, unless you (the user) slip up and forget something. That is, unless I find a way to read the (unencrypted) key off the system bus.

But what if I have some form of cryptographic/digital signature enforcement on all of my programs to make sure they're legit?

As demonstrated by various smartphone companies, this is a very good way of dealing with security. You've now nullified my ability to inject code onto your machine to do nefarious things, which is a plus. Effectively, you've disabled my ability to retain persistent access to your machine remotely, which is a huge plus.

However, this still isn't a perfect method! Digital signature enforcement won't stop a hardware keylogger, for one. It also needs to be completely bug-free, meaning there's no way I can find an exploit that allows me to load my own certificate into your machine's certificate store. Furthermore, this means that every executable on your system needs to be signed. Unless you want to manually go through and do all of that, it's going to be very hard to find apt packages and the like that have digital signatures on everything. In a similar vein, this blocks legitimate uses for unsigned executables, namely recovery. What if you break something important, and you don't have the (signed) executable to fix it? Well, there goes your system.

Either way, an effort to do this on Linux has been pretty much abandoned and no longer works for new kernels, so you'd need to create your own.

So, it's impossible to keep you out of my computer?

Effectively, yes, sorry. If you have physical access and enough motivation, it's always possible to get into a system. No exceptions.

In reality, though, most evil people won't try to go this far just for some cat pictures. Typically, just full-disk encryption (or even just running Linux!) is enough to deter most script kiddies from having their 2 seconds of fame.

TL;DR: Just don't let people you don't trust near your computer. That's typically enough.
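The answer names two controls a defender can actually configure against the scenario in the question: a GRUB superuser password (so the kernel line cannot be edited at the menu without it) and full-disk encryption (so a pulled drive is unreadable elsewhere). The following audit script is an added example, not part of the Ask Ubuntu post; the function names are my own, the grub.cfg and crypttab fragments it runs against are constructed samples written to a temporary directory, and the only real system paths mentioned are /boot/grub/grub.cfg and /etc/crypttab, which a real run would pass in instead. As the answer says, neither control stops a hardware keylogger or a cold-boot attack, so the report deliberately claims nothing about those.

```shell
#!/bin/sh
# Added audit example (not the original post's code). Checks two boot-time
# controls the answer discusses: a GRUB superuser password and a LUKS mapping
# in crypttab. Paths are parameters so the demo below can use sample files.

# 0 if the grub config declares a superuser (menu editing needs a password).
grub_has_superuser() {
    [ -r "$1" ] || return 1
    grep -Eq '^[[:space:]]*set[[:space:]]+superusers=' "$1"
}

# 0 if the superuser password is a PBKDF2 hash (password_pbkdf2 directive)
# and no plaintext "password" directive is present, 1 otherwise.
grub_password_is_hashed() {
    [ -r "$1" ] || return 1
    grep -Eq '^[[:space:]]*password_pbkdf2[[:space:]]' "$1" || return 1
    ! grep -Eq '^[[:space:]]*password[[:space:]]' "$1"
}

# 0 if crypttab has at least one active (non-comment) entry whose options
# field contains "luks", 1 otherwise.
crypttab_has_luks() {
    [ -r "$1" ] || return 1
    grep -Ev '^[[:space:]]*(#|$)' "$1" | grep -Eq '[[:space:]]luks'
}

# Human-readable report. Arguments: grub.cfg path, crypttab path.
boot_audit_report() {
    if grub_has_superuser "$1"; then
        if grub_password_is_hashed "$1"; then
            echo "OK      GRUB superuser password set (PBKDF2 hash)"
        else
            echo "WEAK    GRUB superuser password present but stored in plaintext"
        fi
    else
        echo "MISSING GRUB superuser password: kernel line editable from the menu"
    fi
    if crypttab_has_luks "$2"; then
        echo "OK      LUKS volume mapped in crypttab (disk unreadable if removed)"
    else
        echo "MISSING full-disk encryption: disk readable on any other machine"
    fi
}

# Echo the number of failed or weak controls (0 to 3). Always exits 0, so it
# is safe to call under "set -e". Arguments: grub.cfg path, crypttab path.
boot_audit_failures() {
    n=0
    grub_has_superuser "$1" || n=$((n + 1))
    grub_password_is_hashed "$1" || n=$((n + 1))
    crypttab_has_luks "$2" || n=$((n + 1))
    echo "$n"
}

# --- Demo on constructed sample files. A real run would pass
# /boot/grub/grub.cfg and /etc/crypttab instead. ---
demo=$(mktemp -d)
cat > "$demo/grub_hardened.cfg" <<'EOF'
# constructed sample: grub.cfg fragment with a hashed superuser password
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER_HASH
menuentry 'Ubuntu' { linux /vmlinuz root=UUID=PLACEHOLDER ro quiet splash }
EOF
cat > "$demo/grub_default.cfg" <<'EOF'
# constructed sample: stock grub.cfg with no password at all
menuentry 'Ubuntu' { linux /vmlinuz root=UUID=PLACEHOLDER ro quiet splash }
EOF
cat > "$demo/crypttab_luks" <<'EOF'
# constructed sample crypttab with one active LUKS mapping
sda5_crypt UUID=PLACEHOLDER-UUID none luks,discard
EOF
: > "$demo/crypttab_empty"

echo "== hardened sample =="
boot_audit_report "$demo/grub_hardened.cfg" "$demo/crypttab_luks"
echo "== default sample =="
boot_audit_report "$demo/grub_default.cfg" "$demo/crypttab_empty"
```

On an Ubuntu system the hashed password is produced with grub-mkpasswd-pbkdf2 and the `set superusers` / `password_pbkdf2` lines are placed in /etc/grub.d/40_custom before running update-grub, which is how they end up in /boot/grub/grub.cfg. The script only reads files, so it can run as part of a routine configuration check; it reports a plaintext `password` directive as weak because the hash is what keeps the secret out of a config file any local user can read.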

