Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: most damage a troll can make without root access

  1. #1
    Join Date
    Apr 2007
    Beans
    40

    most damage a troll can make without root access

    Hi all,

    I'm working in a hostel that has a computer for the guests to use. this computer (a simple nettop) was struggling with all the stuff it had, plus Vista, so I installed ubuntu 11.10. It's nice, clean, legal and fast. So far, so good.

    What worries me is that it's a pretty standard ubuntu installation, because I really don't know how to set up an internet kiosk. You can, for instance, open a terminal.

    So, my question is: what is the worst a possible linux-knowing troll could do, using the terminal, without having access to the root password?

  2. #2
    Join Date
    Oct 2011
    Beans
    75

    Re: most damage a troll can make without root access

    I'm really looking forward to what some of the experts have to say about this.

    However as someone who (occasionally) likes mess to around with public PCs (basically troll), I'd try to fork a bunch of processes to eat up CPU and memory, and maybe fill up the hard drive (home directory, temp, whatever I have access to).

  3. #3
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,807

    Re: most damage a troll can make without root access

    Quote Originally Posted by van_Zeller View Post
    Hi all,

    I'm working in a hostel that has a computer for the guests to use. this computer (a simple nettop) was struggling with all the stuff it had, plus Vista, so I installed ubuntu 11.10. It's nice, clean, legal and fast. So far, so good.

    What worries me is that it's a pretty standard ubuntu installation, because I really don't know how to set up an internet kiosk. You can, for instance, open a terminal.

    So, my question is: what is the worst a possible linux-knowing troll could do, using the terminal, without having access to the root password?
    Physical access is root access.

    They can drop to a recovery console and root shell prompt

    They could potentially boot to a Live CD, or use a USB

    Physical is root
    Feel Free to Bitcoin Tip: 135Rp4pwwYTHEJ4u8bxKaDQiC91N9LUoV2

    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013

  4. #4
    Join Date
    Nov 2006
    Beans
    1,204

    Re: most damage a troll can make without root access

    Quote Originally Posted by van_Zeller View Post
    Hi all,

    I'm working in a hostel that has a computer for the guests to use. this computer (a simple nettop) was struggling with all the stuff it had, plus Vista, so I installed ubuntu 11.10. It's nice, clean, legal and fast. So far, so good.

    What worries me is that it's a pretty standard ubuntu installation, because I really don't know how to set up an internet kiosk. You can, for instance, open a terminal.

    So, my question is: what is the worst a possible linux-knowing troll could do, using the terminal, without having access to the root password?
    change the password or install a windows look alike theme
    Last edited by Gremlinzzz; October 31st, 2011 at 03:58 AM.

  5. #5
    Join Date
    Apr 2007
    Beans
    40

    Re: most damage a troll can make without root access

    Quote Originally Posted by Gremlinzzz View Post
    change the password
    You can change the password without knowing the previous password??

  6. #6
    Join Date
    Nov 2006
    Beans
    1,204

    Re: most damage a troll can make without root access

    Quote Originally Posted by van_Zeller View Post
    You can change the password without knowing the previous password??
    yes i can

  7. #7
    Join Date
    Jun 2008
    Location
    Tennessee
    Beans
    3,421

    Re: most damage a troll can make without root access

    Well, they could pretty much trash the desktop, fill the browser with nasty shortcuts, drop scripts in there to do all kinds of malicious things.

    But rather than discuss that, why don't we discuss how to lock this thing down properly?

    I've set up a few internet kiosks in my day, usually I just override the kiosk user's .xinitrc file to only launch a simple window manager, rsync a fresh copy of the home directory, then launch a browser full-screen in an endless loop (so that when the browser is closed it just relaunches).

    Basically, my .xinitrc might look something like this:
    Code:
    xset s off
    xset -dpms
    
    matchbox-window-manager &
    
    while true; do
      rsync -qr --delete /usr/local/kiosk/ /home/kiosk/
      chromium-browser --app=http://example.com
    done
    This, of course, assumes that you have matchbox-window-manager installed, and that you have a clean copy of kiosk's home directory under /usr/local (you can put it anywhere that isn't writeable by the kiosk user).

    Let me know if this sounds useful, I can offer more suggestions. Been doing this kind of thing for years.

  8. #8
    Join Date
    Jan 2011
    Location
    San Diego, California
    Beans
    186
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: most damage a troll can make without root access

    Quote Originally Posted by van_Zeller View Post
    You can change the password without knowing the previous password??
    Yes. That is one of the implications of the method haqking mentioned.

    But basically, they can do anything they want. I'm sure there are ways to make it less obviously open, though.

    All that same stuff can be done in windows as well.

  9. #9
    Join Date
    Sep 2009
    Beans
    236

    Re: most damage a troll can make without root access

    so, i guess that there isn;t really anything you can do about the live cd/usb issue (except using a secure booted device). the ubuntu having no root password is something that can apparently be changed, which might be advisable. also you could look at using open suse or fedora, or another distro, which uses root password.

    i seem to remember that windows has a program called deepfreeze, which prevents users affecting any changes to it.

    also i think a fork-bomb still works, to make to make Ubuntu freeze up. eg:
    <snip>
    Last edited by Elfy; October 31st, 2011 at 05:24 PM. Reason: forkbomb

  10. #10
    Join Date
    Jul 2008
    Beans
    2,887

    Re: most damage a troll can make without root access

    Quote Originally Posted by F.G. View Post
    so, i guess that there isn;t really anything you can do about the live cd/usb issue (except using a secure booted device). the ubuntu having no root password is something that can apparently be changed, which might be advisable. also you could look at using open suse or fedora, or another distro, which uses root password.

    i seem to remember that windows has a program called deepfreeze, which prevents users affecting any changes to it.

    also i think a fork-bomb still works, to make to make Ubuntu freeze up. eg:
    <snip>
    You can only keep the honest person out.
    Last edited by Elfy; October 31st, 2011 at 05:24 PM. Reason: forkbomb

Page 1 of 3 123 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •