[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] password recovery

To: suse-security@xxxxxxxx
Subject: Re: [suse-security] password recovery
From: "Abidis Solano" <abielikesu@xxxxxxxxxxxxxx>
Date: Mon, 26 Jul 2004 12:43:52 -0500 (COT)
Delivered-to: mailing list suse-security@xxxxxxxx
Importance: Normal
In-reply-to: <28BB724E-DF00-11D8-9D51-000A9567DDDE@xxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
References: <ICELJOHAGNAFJPFMMBKOCEDFCNAA.thomas.knight@xxxxxxxxxx> <200407261258.14856.rikjoh@xxxxxxxxx> <28BB724E-DF00-11D8-9D51-000A9567DDDE@xxxxxxxxxxxxxxxxxxxxxxxxx>
User-agent: SquirrelMail/1.4.2

And what if I use LVM? how do I mount root manually?

-- 
Abidis Solano Nova
http://www.minuevaweb.com

> On Jul 26, 2004, at 12:58 PM, Rikard Johnels wrote:
>
>> On Monday 26 July 2004 11.01, Tom Knight wrote:
>>>>>> On Sunday 25 July 2004 18.44, Antun Balaz wrote:
>>>>>>> And what if the filesystem is encrypted?
>>>>>
>>>>> -----------8<------------
>>>>>
>>>>>> Mount it the usual way for encrypted systems. I dont use it so i
>>>>>> cant
>>>>>> tell you how. The actual filesystem isnt relevant. As long as you
>>>>>> can
>>>>>> access it ok. Just mount it rw and chroot into it.
>>>>>
>>>>> But if the FS is encrypted with the root-PW
>>>>> you`ve got _real_ trouble.
>>>>
>>>> Correct me if I'm wrong but I'd say "In that case you are cooked!!"
>>>>
>>>> Not that i know much of encrypted FS's, but id say you are pretty
>>>> lost by
>>>> then. Unless you can brutecrack the encryption with some forensics
>>>> software...
>>>
>>> Start looking for post-it notes near the console....
>>>
>>> Tom.
>>
>> LOL! Well unfortunately that IS a relevant observation...
>> (Been there, done that, trashed the user badly for compromising the
>> security)
>> But all jokes aside.
>> If you DON'T know the password for the encryption, i think you are
>> lost...
>>
> Well, that's the idea of encryption, isn't it? There might however be a
> chance to find the encryption key on the swap partition. I haven't
> looked at the code if it is really impossible that the relevant pages
> get swapped out.
>
> But, just to reiterate what has been said earlier: if the root
> partition is not encrypted, you can always boot with init=/bin/sh and
> do whatever you want. inittab doesn't matter because /bin/sh is not
> known to read that file, and it doesn't ask for any password either.
> ;-)
>
> Regards,
> 					Roland
>
> --
> TU Muenchen, Physik-Department E18, James-Franck-Str. 85747 Garching
> Telefon 089/289-12592; Telefax 089/289-12570
> --
> A mouse is a device used to point at
> the xterm you want to type in.
> Kim Alm on a.s.r.
>


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

Follow-Ups:
- Re: [suse-security] password recovery
  - From: Lars Ellenberg

References:
- RE: [suse-security] password recovery
  - From: Tom Knight
- Re: [suse-security] password recovery
  - From: Rikard Johnels
- Re: [suse-security] password recovery
  - From: Roland Kuhn

Prev by Date: Re: [suse-security] Installin Nesssus on SuSE 9.0
Next by Date: Re: [suse-security] password recovery
Previous by thread: Re: [suse-security] password recovery
Next by thread: Re: [suse-security] password recovery
Index(es):
- Date
- Thread