Security workaround needed-Accessing Linux via DOS

Post by David J. Bleza » Fri, 04 Aug 1995 04:00:00



We have just completed the installation of about 50 Pentiums in the
Computing Centers at the University of New Hampshire.  These machines
are configured to be dual platform that always boot to DOS, but can
become Linux systems via LOADLIN installing and running a Linux
Kernel.

On the Linux side, we use NIS and NFS to allow users to log in with
their central Unix system userids and passwords and to have their home
directory available via NFS.

We have LOADLIN and the Kernel locked away from prying eyes.  The
floppy boot option is disabled at the BIOS level.  But a problem arises
if we have a determined student who comes in to the Computing Center
with a disk containing their own loader and Kernel image.  The student
copies these on to the DOS hard drive, runs the loader with their own
Kernel, and says root=/dev/fd0 to run the root file system off a
floppy disk that contains all of the utilities needed either to
remove the root password on the local Linux file system or to start
the Internet daemons off the floppy disk with the machine's proper IP
address.

Either way, the student can log in as root and NFS mount the exported
volumes off the central systems that contain the campus mail spool and
everyone's home directories.  This is a BIG problem.

We are looking for solutions either that will prevent someone from
being able to run their own loader and kernel off the DOS hard drive
or will prevent root access to the central systems via NFS.

Also, if there are others out there running Linux in a student
computing center environment, I'd be grateful to hear of any
experiences that you have had, both good and bad, with doing so such
that we can learn from previous experience.
--
  Why???  Because we can!     -------------     David Blezard        

         / \                  |    er     |     Computing and Info. Services
        (   )                 |       Down|        and Zoology Department
         /_\    Acer          -------------     University of New Hampshire
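
The post's second request, keeping a client that a student has taken over as root from reaching the central NFS exports, can be checked on the server side. The following is an added example, not part of the original post: it audits `/etc/exports` text in Linux exports(5) syntax for entries that trust whatever the client claims. The hostnames, paths and the `audit_exports` name are constructed for illustration.

```python
# Added example: audit an NFS server's /etc/exports for settings that trust the client.
# Constructed sample input; hostnames and paths are made up for illustration.
SAMPLE_EXPORTS = """\
# home directories and mail spool on the central server
/home            lab*.example.edu(rw,no_root_squash)
/var/spool/mail  *(rw)
/export/krb      lab01.example.edu(rw,sec=krb5p,root_squash)
/export/pub      (ro,insecure)
"""

REASONS = {
    "no_root_squash": "uid 0 on the client is uid 0 on the server",
    "wildcard": "any matching host is accepted, whatever kernel it booted",
    "insecure": "requests from unprivileged source ports are accepted",
    "auth_sys": "server trusts the uid the client sends; client root can act as any user",
}

def audit_exports(text):
    """Return sorted (path, client, finding) tuples. Continuation lines are not handled."""
    findings = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            host, _, rest = spec.partition("(")
            host = host or "*"               # "(ro)" after a space means every host
            opts = [o for o in rest.rstrip(")").split(",") if o]
            flavors = [f for o in opts if o.startswith("sec=") for f in o[4:].split(":")]
            if "no_root_squash" in opts:
                findings.add((path, host, "no_root_squash"))
            if "*" in host or "?" in host:
                findings.add((path, host, "wildcard"))
            if "insecure" in opts:
                findings.add((path, host, "insecure"))
            # Without Kerberos-only flavors the export falls back to AUTH_SYS.
            if not flavors or any(not f.startswith("krb5") for f in flavors):
                findings.add((path, host, "auth_sys"))
    return sorted(findings)

if __name__ == "__main__":
    for path, host, code in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {host}: {code}: {REASONS[code]}")
```

The `auth_sys` finding is the one that matches the scenario in the post: root squashing alone stops uid 0, but a local root user can still assume any other uid unless the export requires Kerberos.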

 
 
 

1. Common DOS wants/needs/desires and Linux workarounds

Okay...if I may break away from the Windows debates and actually use this
group to help promote Linux :)

In an effort to help promote Linux, some of the questions that will always
need to be answered are "I can do xxx under DOS/Windows, can Linux do that?"

Being a part of the Atlanta Linux Enthusiasts, I would like to be able to have
some sort of a list made up of different situations like this, such as:
DOS: I use DOS for Lotus to keep track of my checkbook, can I do that under
        Linux?
Linux: You can run Lotus 1-2-3 under the DOS emulator, and keep it exactly the
        same, or you can use sc, or xsc under X-Windows.

DOS: The only thing I really use my PC for is drawings under Paintbrush under
        Windows.
Linux: Use xpaint, or ...

DOS: I use Procomm for Windows to connect to our machine at work and work from
        home, while listening to a CD in the background, writing postscript
        documents, and playing around with this new Microsoft printing language
        called TeK.  
(sorry...had to make fun of Microsoft/DOS users' belief that MS makes it all :)
Linux: Use Seyon/Minicom, workman, ghostscript and TeX.  You may even want to
        look into SLIP/PPP.

DOS: I have this game called DOOM...  :)

You get the idea...
Anyone.  Most of mine were basically DOS programs that could be run under
Linux or had equivalents.  Couldn't think of any harder examples.

        -Dan

--

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"And the man in the mirror has sad eyes."       -Marillion
