Privilege escalation / compromising administrator rights

[twipley]

I have been wondering if a guest user could compromise a machine which is set in the following way: they are not able to open the computer case, to boot from either an USB flash drive or an optical-disc drive, nor have any knowledge of the administrator-user password. Thus, they are landing on their guess account, and have to work their privilege escalation from there.

Therefore, what can they do to gain it? Could they download or otherwise install or run from a thumb drive an application that could be used to crack the administrator-user password? Because, it seems to me, could they enter into the system such a password-cracking application, the whole system could be compromised given the administrator-user password contains less than 9-or-so characters.

What do you think? Can I lend my computer to anybody without them having beforehand gained my trust in them? Is the reasoning reasonable?

[bodhi.zazen]

Physical access is root access and, IMO, despite all you say, I am not convinced you can lock down a machine as much as you seem to think.

With that in mind, I use the guest account on Ubuntu and confine it with apparmor.

As an alternate I use the xguest account on Fedora which is confined by selinux. I figure both are sufficient for the privacy of both parities when friends and family visit.

[twipley]

Confining the guest account through jailbashing:
http://ubuntuforums.org/showthread.php?p=11087889

(for users possessing sound knowledge of the "workings behind the wheels.")

[twipley]

Physical access is root access

Sorry. What are you meaning by that? The whole first post went by presuming both were not necessarily equal. Care to elaborate?

to bodhi.zazen metaphysics.

[bodhi.zazen]

I believe if someone has physical access the have root access in that they can boot a live CD or pull the hard drive or do what it takes to access and alter your data.

The only protection you have, IMO, is encryption.

IMO if you wish to protect your data, encrypt it, ie LUKS. That way, even if someone pulls the hard drive, they still can not decrypt the data.

I do not place much trust in most of what you listed to restrict such activity (BIOS passwords, grub passwords, etc), there are too many ways to work around those measures.

Sure they may stop casual users/crackers (I do not expect guests in my home to pull our my box and start loosening the screws), but they will not significantly deter an experienced cracker.

[twipley]

I do not expect guests in my home to pull out my box and start loosening the screws.

I think you are right in that matter. You know, if you expected them to do that, I think you would not permit them to enter your home in the first place.

[bodhi.zazen]

I think you are right in that matter. You know, if you expected them to do that, I think you would not permit them to enter your home in the first place.

So , what I am saying, is just use the so called guest account and you will be fine.

Make sure your home directory has "private" settings (770) .

If you are truly paranoid, use the xguest account on Fedora, it is basically a kiosk mode confined by selinux. This means your guests can log in to web interfaces, and as soon as they log out of the guest account, any information they entered is wiped clean. Sort of protects both parties

[Dangertux]

I have been wondering if a guest user could compromise a machine which is set in the following way: they are not able to open the computer case, to boot from either an USB flash drive or an optical-disc drive, nor have any knowledge of the administrator-user password. Thus, they are landing on their guess account, and have to work their privilege escalation from there.

Therefore, what can they do to gain it? Could they download or otherwise install or run from a thumb drive an application that could be used to crack the administrator-user password? Because, it seems to me, could they enter into the system such a password-cracking application, the whole system could be compromised given the administrator-user password contains less than 9-or-so characters.

What do you think? Can I lend my computer to anybody without them having beforehand gained my trust in them? Is the reasoning reasonable?

In addition to the very good info you've already been given a more simple answer to your question is yes, escalation is VERY possibly from a guest account.

Even if you use Apparmor/SELinux, there is a possibility that an escalation can occur.

I think some of the problem here is that you may not understand fully how local escalation works. If you would like , you can read this article, it is a little bit old, but still very interesting and should help you understand better how escalation works.

http://news.softpedia.com/news/Ubunt...s-146854.shtml

Also -- I agree with anyone who is saying physical access is root access. Especially if you're talking about LENDING someone the computer. For instance, like another poster said, nobody is going to start taking your computer apart in your home. However, if they have it in THEIR home, they can pretty much do what the want with it without you knowing.

Just something to think about. If you're going to lend out your computer , why not do something like what retail stores do when they lend a computer while someone else's is in the shop, just re-image it when it comes back.

That is my thought on the subject, if you really get into it, if someone wants into something bad enough. They will get it, nothing is 100% secure. That is why "theoretical" discussions are somewhat pointless. You have to look at what is REALISTICALLY going to happen. Now if someone is realistically going to have physical access to your machine outside of your view. Then, no it is not secure. No matter what you do to it.

[doas777]

Sorry. What are you meaning by that? The whole first post went by presuming both were not necessarily equal. Care to elaborate?

to bodhi.zazen metaphysics.

I understand that you are trying to eliminate vectors, but with physical access, where there is a will there is a way. no computer case will stop a guy with a hacksaw. in the long run you can never completely eliminate the physical vectors.

[bodhi.zazen]

Even if you use Apparmor/SELinux, there is a possibility that an escalation can occur.

While all things are possible, I would not dismiss either apparmor or selinux so fast. Both would stop the vulnerability you cited short in it's tracks.