[ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE

ChangingLINKS.com groups at ChangingLINKS.com
Thu May 19 17:06:53 EDT 2005


On Thursday May 19 2005 14:46, Geoffrey wrote:
> >>Re-flashing the BIOS is minor to rebuilding past work.
>
> How do you flash the bios to start with?  You must boot the machine,
> usually from a floppy. 

Why are you on this line of thinking?

I posed a challenge and you accepted it.
Next, some people made the assumption that I am using a system design that is 
read-only.

With that, you began to bring up destroying the bios - whereas before, (if I 
remember correctly) you and others were planning to use traditional attacks 
on the system (viruses, trojans, rm -rf /, etc). The latter attacks are more 
common and closer to the topic of "running-as-root" but, I structured the 
challenge and will honor it regardless of the strategy you pick. 
Lesson: I learned to stop describing my system though - not for security 
reasons as much as the invitation of more severe strategies.

As you know, you will not have physical access to the machine.
Therefore, you will have to do what you can while you are connected via 
network card. 

Can you flash the BIOS without rebooting the computer?
If not, will your strategy be effective?

You are not sure that if you reboot the machine that the network card will 
continue to be active. 

Moreover, one security feature that I may have on my box is . . .
. . . a script activated by a screensaver.

What does the script do?

root at 34[etc]# cat eth0down 
#!/bin/sh
/sbin/ifconfig eth0 down


I know some people would think that is a dumb idea, but I think it's 
"genius"  . . . 
On this box, I need the connection only when I am using the computer.


My hope is that you will still proceed with the challenge, concede my victory, 
or just take full responsibility for getting my system fully functional.

In either case, I am trying to position YOU so that you must take FULL 
responsibility to fix the remaining flaws in the system. I have worked on the 
problems enough that I procrastinate even when trying to THINK about possible 
solutions. 

I need fresh blood. You have a special talent to dig farther and will get MUCH 
better results than I have been able to. If it were YOUR system, I don't 
think that you would have these problems. The talent and energy that I have 
seen you work with is exactly what I prescribe for this box - not some guy 
that runs as root all the time. ;)

Also, I should mention here that while during phone conversations with a buddy 
and my father, I told them about this challenge. I mentioned that you are 
especially honorable - and would be more likely to make good on the agreement 
(before or after failing the challenge) than anyone else I know with Linux 
skills. 

While some backpeddle, and some make excuses, your "wiring"  seems to have far 
more integrity. With that belief, I excitedly explained it to my friends - 
that I am almost certain the group would fail to prove their point and my/our 
system will be completed!

I'd be far less optimistic if anyone else were to have accepted the challenge.
-- 
Wishing you Happiness, Joy, and Laughter,
Drew Brown
http://www.ChangingLINKS.com



More information about the Ale mailing list