You are not logged in.

#1 2009-05-07 03:36:33

yingwuzhao
Member
Registered: 2009-01-13
Posts: 109

Serious security issue! I am scared!

I was just playing with my Arch, and I issue the cfdisk command as a normal user, NOT root,
but I can edit the partition table by fag the boot partition, and delete my swap!!!

It's accomplished as a normal user, not a root! when the system is running!
I am scared now!!

sad:(:(

Offline

#2 2009-05-07 03:41:48

Wintervenom
Member
Registered: 2008-08-20
Posts: 1,011

Re: Serious security issue! I am scared!

Run groups and make sure you didn't add yourself to disk.

Last edited by Wintervenom (2009-08-03 14:21:20)

Offline

#3 2009-05-07 03:51:02

yingwuzhao
Member
Registered: 2009-01-13
Posts: 109

Re: Serious security issue! I am scared!

omg, I am in the disk group.
So is normal user not supposed to be in disk group?
how do I get out?

BTW, what are the groups that the normal user should be? I have the following:

tty disk wheel video audio optical storage users

I set this up according some Arch Tutoring.
thanks.

Last edited by yingwuzhao (2009-05-07 03:54:09)

Offline

#4 2009-05-07 03:56:28

milomouse
Member
Registered: 2009-03-24
Posts: 940
Website

Re: Serious security issue! I am scared!

I would just use

sudo gpasswd -d YOURUSERNAME disk

to remove yourself from the group. I'm not in the disk group pretty much for the reason you addressed in the first post. I leave that to root.

The groups you mention in your EDIT are good. http://bbs.archlinux.org/viewtopic.php?id=58194

EDIT: Removing yourself from group wont take effect until you restart, I believe..

Last edited by milomouse (2009-05-07 03:58:10)

Offline

#5 2009-05-07 04:00:32

yingwuzhao
Member
Registered: 2009-01-13
Posts: 109

Re: Serious security issue! I am scared!

Thanks a lot!

smile

Offline

#6 2009-05-08 05:18:36

ploxiln
Member
Registered: 2006-10-27
Posts: 50

Re: Serious security issue! I am scared!

I'm not in the tty group or in the wheel group, and I've never had permissions problems doing anything (including su to root, so... what's wheel for on arch again?).

Offline

#7 2009-05-08 05:45:11

yingwuzhao
Member
Registered: 2009-01-13
Posts: 109

Re: Serious security issue! I am scared!

wheel group is the for you to use sudo, which many people hate but I like it.
wink

Offline

#8 2009-05-08 06:09:02

tdy
Member
From: Sacremende
Registered: 2008-12-14
Posts: 440

Re: Serious security issue! I am scared!

yingwuzhao wrote:

omg, I am in the disk group.
...
I set this up according some Arch Tutoring.

Do you mean the wiki?  If so, do you remember which page?  That part needs to be changed.

Offline

#9 2009-05-10 07:18:05

tomd123
Developer
Registered: 2008-08-12
Posts: 565

Re: Serious security issue! I am scared!

The beginner's guide doesn't say you should add the normal user to the disk group.

Offline

#10 2009-05-10 08:27:07

milomouse
Member
Registered: 2009-03-24
Posts: 940
Website

Re: Serious security issue! I am scared!

Maybe he means:   http://archux.com/page/what-do-after-yo … arch-linux

I didn't use it myself but I saw it once before. It says to add to disk.

Adding a user

First of all, you will need to add a user. I am assuming you are logged in as root.

adduser

Fill in the details until you get to "Additional groups". Put in

tty,disk,video,audio,optical,storage
If you are going to use sudo
Add "wheel" to save a little bit of time later

I would definitely recommend the Arch Wiki instead.

Last edited by milomouse (2009-05-10 08:28:20)

Offline

#11 2009-05-10 09:57:48

bender02
Member
From: UK
Registered: 2007-02-04
Posts: 1,328

Re: Serious security issue! I am scared!

Well following various "tutorials" means you implicitly trust the person who wrote them. So there's no security problem with arch, it's a problem that people blindly do what a random person who they don't know writes on the "internets".
I remember that some "tricksters" on ubuntu forums were posting various "good advices" of running "sudo rm -rf /", now is that a security problem?

Offline

#12 2009-05-10 11:27:03

zodmaner
Member
Registered: 2007-07-11
Posts: 653

Re: Serious security issue! I am scared!

I also don't think you need to be in tty group (what does this group do anyway?).

Offline

Board footer

Powered by FluxBB