Greg Lopp on 16 Dec 2005 16:57:07 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] EXT2 for Windows


If you don't have physical security, you don't have security.

This is the same security issue raised by any live CD. If I can reboot your machine, then I can make myself root somehow.

Eugene Smiley wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I was using the Mozilla Stumble Toolbar today and just ran into this
site: http://www.fs-driver.org/ which is a windows driver to read and
write EXT2 filesystems.

First, I'm kinda stunned. Has anyone heard of and tried this yet?

Second, It would seem that if you do dual boot, that this actually
opens a security hole. " The current version of the Ext2 file system
driver does not maintain access rights. All users can access all the
Ext2 volumes that a drive letter is created for. For example, if a
drive letter has been created for an Ext2 volume, which is the root
volume of a Linux installation, you can simply read and modify files
such as /etc/passwd and /etc/shadow. User names are readable and
passwords of these users can be quite easily cracked and modified!"

Double edged sword, anyone?



-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQ6LvLekD7QKn7f0vEQJB4gCfTgFaU8knk0gfeAcSp+Z0wut6GQsAnRqf
rpFENXjFcz3Or5EEpRhaF7Bp
=BLqj
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug





___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug