flat assembler
Message board for the users of flat assembler.

Index > Linux > linux security?

Goto page 1, 2  Next
Author
Thread Post new topic Reply to topic
Octavio



Joined: 21 Jun 2003
Posts: 366
Location: Spain
Octavio 17 Feb 2008, 19:38
Hello i'm using ubuntu 7.10 and looking on the swap file (with another os)
i found my user id and password ,not encripted,just in plain text.
Is this a bug or a feature?


Last edited by Octavio on 20 Feb 2008, 16:20; edited 1 time in total
Post 17 Feb 2008, 19:38
View user's profile Send private message Visit poster's website Reply with quote
rugxulo



Joined: 09 Aug 2005
Posts: 2341
Location: Usono (aka, USA)
rugxulo 19 Feb 2008, 03:01
It's probably a bug. Then again, I think Ubuntu targets home users, and as such, security (i.e not letting private data be in the swap file) is low on their priority list. Most home users don't go snooping around there anyways. Wink

If you want, report it as a bug (and hope the bug doesn't require kernel recompile, upgrading X11, glibc, bash, gcc, etc.).
Post 19 Feb 2008, 03:01
View user's profile Send private message Visit poster's website Reply with quote
drhowarddrfine



Joined: 10 Jul 2007
Posts: 533
drhowarddrfine 19 Feb 2008, 03:04
I doubt it's a bug and I'm sure it has nothing to do with them targeting home users.
Post 19 Feb 2008, 03:04
View user's profile Send private message Reply with quote
pelaillo
Missing in inaction


Joined: 19 Jun 2003
Posts: 878
Location: Colombia
pelaillo 19 Feb 2008, 13:18
Please remember that the swap partition is used just like RAM and you need local access to the hardware in order to be a security threat (just like RAM)

That said, it is disturbing that the password is to be stored in plain, anywhere. There's no need to do that and probably it is not just on ubuntu.
I will consider it however a securuty issue and the kernel people might be interested.
Post 19 Feb 2008, 13:18
View user's profile Send private message Yahoo Messenger Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 19 Feb 2008, 13:45
It probably means you have too little RAM in the machine Smile

- it's easy enough to set up encrypted swap, btw, if you have an okay CPU.
Post 19 Feb 2008, 13:45
View user's profile Send private message Visit poster's website Reply with quote
drhowarddrfine



Joined: 10 Jul 2007
Posts: 533
drhowarddrfine 19 Feb 2008, 17:03
I still find it hard to believe they don't encrypt it first. If there has always been this issue, you'd hear screaming about it long ago.
Post 19 Feb 2008, 17:03
View user's profile Send private message Reply with quote
Octavio



Joined: 21 Jun 2003
Posts: 366
Location: Spain
Octavio 19 Feb 2008, 20:49
f0dder wrote:
It probably means you have too little RAM in the machine Smile

- it's easy enough to set up encrypted swap, btw, if you have an okay CPU.

512MB of ram,it would be easy to not use virtual memory with programs that manage passwords.
The pasword is also in the filesystem (don't know yet in wich file).
Also is curious that ext2fs on my machine is much more fragmented than
fat32 filesystems (and i don't use defrag),and there are about 100000 files while a winxp installation only creates about 15000 files.
To get the password it is needed to have acces to the computer,but once you get it .... how many more computers can be accessed with this same data?
encription?
are you sure encriptions keys are not on the hard disk too ?
Post 19 Feb 2008, 20:49
View user's profile Send private message Visit poster's website Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 19 Feb 2008, 23:28
Octavio wrote:
512MB of ram,it would be easy to not use virtual memory with programs that manage passwords.
Theoretically, yes, but programs tend to keep the password in (stack) local variables or (heap) dynamic allocated memory. Dunno if there's a way for usermod apps on *u*x to specify that they want non-paged memory, but you can be sure that 99% of all apps dealing with passwords aren't using it, even if available Smile

Octavio wrote:
The pasword is also in the filesystem (don't know yet in wich file).
It should only, really, exist as md5hash(salt+password).

Octavio wrote:
Also is curious that ext2fs on my machine is much more fragmented than
fat32 filesystems (and i don't use defrag),and there are about 100000 files while a winxp installation only creates about 15000 files.
Linux people tend to claim that their filesystems don't fragment, but that's obviously bullshit... the truth is that they're less prone to fragmentation than FAT, and that when there aren't any decent defraggers, it's best for them to claim "we don't fragment" Wink. As for count of files, ho humm, a lot of them are virtual device and dynamic /proc nodes. And then the zillions of config files because of the lack of a registry Smile

Octavio wrote:
encription? are you sure encriptions keys are not on the hard disk too ?
I believe the crypto systems (at least loop-aes) is pretty anal about keeping crypto keys in non-paged memory. And for swap, random crypto keys are generated on each boot, and not stored on disk anywhere.
Post 19 Feb 2008, 23:28
View user's profile Send private message Visit poster's website Reply with quote
gunblade



Joined: 19 Feb 2004
Posts: 209
gunblade 19 Feb 2008, 23:33
I wouldn't complain to the ubuntu people about this, they will either not care/or wont be able to do anything about it.

Swap is just an extension of ram.. therefore private data will be stored there.. the fact that your password is being stored as plaintext will be the fault of one of the programs that you use. This depends on what you use (it could be your login, your messaging client, your web client.. who knows).

If you really are worried about someone accessing your swap file, then don't use one.. would be the safest way to go. Encrypting your swap partition will not help, since while the machine is running, it would still be accessible, that would only help if someone grabbed your HD after your machine shut down.

This will happen on any system you use.. depending on what programs you use. If even one program were to keep your password in plaintext, then your password will be in the ram and/or swap.

As for the large amount of files on the system.. you have to be careful how you search.. /dev contains a large amount of "device files", which are not really files, they are more like... links to devices.. (bad terminology.. but basically they are 0 bytes big). Theres also /proc, which contains more "fake files" that contain information.. but its actually data gathered at runtime by the kernel.. so accessing one of those files is actually accessing some part of kernel ram so that you can find out say.. the temperature of your processor.. rather than accessing the HD.


Another quick comment on the password thing.. I assume you found it by searching through the file for your password itself.. which makes it easy to find.. but imagine you did not know the password.. are you going to go and look through 512MB/1GB/etc.. of garbage data and try any and all ascii strings you find as a password? I mean, dont get me wrong.. programs shouldnt store password plain-text, and if you find out which program is storing your password in that way, then it may be wise not to use it anymore, or file a bug report with the program developers (not with the ubuntu developers.. they dont make the kernel, nor the programs.. they just package stuff that others make).
Post 19 Feb 2008, 23:33
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 19 Feb 2008, 23:43
gunblade: do keep in mind that on most systems, the entries in /dev do exist as filesystem entries, instead of being generated dynamically in RAM... so they do take up a slight bit of disk space, and (until filesystem cached) probably involve some disk access to look up major,minor node numbers. /proc is dynamic, though.

As for sifting through the swap partition, they're usually only a few gigs, and there's the gnu "strings" program, followed by sort+uniq...
Post 19 Feb 2008, 23:43
View user's profile Send private message Visit poster's website Reply with quote
Octavio



Joined: 21 Jun 2003
Posts: 366
Location: Spain
Octavio 20 Feb 2008, 00:15
>If you really are worried about someone accessing your swap file, then >don't use one..
did not know linux can work without it, how can be disabled?

>This will happen on any system you use.. depending on what programs >you use. If even one program were to keep your password in plaintext,
IMHO this is a bad design,programs should not have acces to the password

>As for the large amount of files on the system.. you have to be careful >how you search.. /dev contains a large amount of "device files", which
I used OctaOS and my driver only supports normal files and directories
(filetypes 0,1,2) don't know what to do with devices,links etc..
also noticed a lot of 0 bytes files from uninstalled programs Shocked

>Another quick comment on the password thing.. I assume you found it >by searching through the file for your password itself.. which makes it >easy to find.. but imagine you did not know the password..
the user id is just before the password ,and unless you are alone when
using your computer ,somebody else can view it.
>are you going to go and look through 512MB/1GB/etc.. of garbage data >nd try any and all ascii strings you find as a password?
i'm a linux newbie but perhaps some experts know how to search.
well, i really don't care about security ,i just assume that nothing is secure.

> the truth is that they're less prone to fragmentation than FAT
i don't think so, is more a software problem, DOS was designed to use litle
memory and simple algorithms ,while linux uses more memory and some strategies to keep fragmentation low.
about file allocation ,ext2fs is not better than fat.
Post 20 Feb 2008, 00:15
View user's profile Send private message Visit poster's website Reply with quote
drhowarddrfine



Joined: 10 Jul 2007
Posts: 533
drhowarddrfine 20 Feb 2008, 02:38
I just briefly looked in my FreeBSD book and even there it says passwords are stored encrypted and Linux does too, so this doesn't make sense to me.
Post 20 Feb 2008, 02:38
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 20 Feb 2008, 03:56
drhowarddrfine wrote:
I just briefly looked in my FreeBSD book and even there it says passwords are stored encrypted and Linux does too, so this doesn't make sense to me.

Encrypted (for old /etc/passwd , deprecated) passwords, salt-md5+hashed for shadow passwords... but that's only on disk, not in memory.

_________________
Image - carpe noctem
Post 20 Feb 2008, 03:56
View user's profile Send private message Visit poster's website Reply with quote
drhowarddrfine



Joined: 10 Jul 2007
Posts: 533
drhowarddrfine 20 Feb 2008, 14:23
I thought he was talking about on disk. Still don't see why it would not be encrypted in memory, too. Like I said, if this is an issue, I'm sure someone would already be talking about it.
Post 20 Feb 2008, 14:23
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20430
Location: In your JS exploiting you and your system
revolution 20 Feb 2008, 14:28
drhowarddrfine wrote:
Like I said, if this is an issue, I'm sure someone would already be talking about it.
That type of reasoning is why unlicensed street vendors can keep selling: everybody just thinks that if it was not licensed someone would have already complained, and so the result, no one complains.
Post 20 Feb 2008, 14:28
View user's profile Send private message Visit poster's website Reply with quote
Alphonso



Joined: 16 Jan 2007
Posts: 295
Alphonso 20 Feb 2008, 15:24
I checked my Ubuntu 7.04 swap partition while on W2000 OS and did not find my password or user id there either as plain text ASCII or unicode.
Post 20 Feb 2008, 15:24
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 20 Feb 2008, 16:00
Alphonso wrote:
I checked my Ubuntu 7.04 swap partition while on W2000 OS and did not find my password or user id there either as plain text ASCII or unicode.


You obviously need to have been in a low-memory situation for it to get paged out...

_________________
Image - carpe noctem
Post 20 Feb 2008, 16:00
View user's profile Send private message Visit poster's website Reply with quote
Alphonso



Joined: 16 Jan 2007
Posts: 295
Alphonso 20 Feb 2008, 16:58
f0dder wrote:
You obviously need to have been in a low-memory situation for it to get paged out...
With 320Meg of RAM that's not all that uncommon. It would be nice to know what was responsible for it happening but for me, not that important right now.
Octavio, AFAIK you can use 'sudo swapoff -a' and 'sudo swapon -a' to turn off and on your swap, never tried it though. Wink
Post 20 Feb 2008, 16:58
View user's profile Send private message Reply with quote
daniel.lewis



Joined: 28 Jan 2008
Posts: 92
daniel.lewis 21 Feb 2008, 06:22
Sounds right.

Both Windows and Linux passwords are extremely hack-able simply by virtue of their engineering being so well known; and because on modern processors, software cannot tell if the "warden" is looking.

Humorously, Microsoft actually provides a scriptable API to automatically retrieve windows passwords. Go ahead and run that screensaver... : o

I personally think that small, obscure OS's are more secure simply by virtue of hackers needing to learn an entirely new environment for only a small victim domain.
Post 21 Feb 2008, 06:22
View user's profile Send private message Reply with quote
Octavio



Joined: 21 Jun 2003
Posts: 366
Location: Spain
Octavio 21 Feb 2008, 10:07
I found my password on the file .bash_history wich stores all the commands you write on the terminal,the password is just after a sudo command so i suppose i write it accidentally without bein asked,sudo only
ask the password the first time but i wrote too fast Embarassed
But i'm not sure if this is the cause of the user id and password in the swap file.If you don't find it on yours computers then it is probably my mistake.
Post 21 Feb 2008, 10:07
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page 1, 2  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.