From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,MAILING_LIST_MULTI autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 20001 invoked from network); 18 Jan 2023 20:36:11 -0000 Received: from minnie.tuhs.org (50.116.15.146) by inbox.vuxu.org with ESMTPUTF8; 18 Jan 2023 20:36:11 -0000 Received: from minnie.tuhs.org (localhost [IPv6:::1]) by minnie.tuhs.org (Postfix) with ESMTP id 68ACB4240F; Thu, 19 Jan 2023 06:35:36 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tuhs.org; s=dkim; t=1674074136; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-owner:list-unsubscribe: list-subscribe:list-post; bh=0jk2wEPY3BRCuhykJGWsWmKfA7AIo45UlJiwhFP6P58=; b=0T0y9agLA2yAoRaGGX41uKHH7L9u1YpfVG40gQBjmHW6+u6BSvkn7eHX0AGf54IbI25XD5 iqlfWCEdCG/04TEi+sZWu3ff+ZCZXrvQrBGkfXSIcM+muqxFI6A5RgZMDQBVEBKOWxaia5 cX1MTAscQ1c77qT1RfV3mg+wP7NJbGw= Received: from mail-ej1-f44.google.com (mail-ej1-f44.google.com [209.85.218.44]) by minnie.tuhs.org (Postfix) with ESMTPS id D5D0142407 for ; Thu, 19 Jan 2023 06:35:28 +1000 (AEST) Received: by mail-ej1-f44.google.com with SMTP id tz11so356464ejc.0 for ; Wed, 18 Jan 2023 12:35:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee.org; s=google; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=0jk2wEPY3BRCuhykJGWsWmKfA7AIo45UlJiwhFP6P58=; b=dQ6VG8mjRLigE39KdLPqZrsau3fqrtwWzhPDoz0e0Cj70woDbLnVgGMNhswHRKsHav JOpCKwcIVzFNEeia4z/J9XWjKtn9VEDNugTXvupkSL3DSjPh1mXVoRE9gqrsA3VJ/Fu/ 0uik5+RWoNmVyK6BYfWF5OVFMDMUv60nKN9Ms= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=0jk2wEPY3BRCuhykJGWsWmKfA7AIo45UlJiwhFP6P58=; b=dR6abV9ccpWg9AZvpPOmwuZrTHeIsKLRRyoWVF24T9zhTum6sPjzI/ulHlbv7C8j4I 3CEafVpVz/9aiukW0voKXAel7xTJXwAE9s2dGj4M2AYyV4rTR0a1v44XGWc+5NkySwCP UL3NWlzNW8oYwFvD7RMNH/shWRAPq8LBqBOseUSFkBD7xRiY/RGCsrkBWjXyEV+aqNyE r6qcq8DC8NWsunAOMX4pgTE3Q95KcGDjRiYHF2AqIvY5UX0jAfliRmc7cxcWtpxD9Z1m XaXCLdXAJ0yEPn6dsZgWtlRv392rIwAmzUXtllD1QLXn2clnszXzzjONydcWMSW/UgzG 1fTA== X-Gm-Message-State: AFqh2ko9aHxRRRdzT1AskE/CAlukV5zCzM8Ndw4SlGFS+bAaSNYN/PfU 5gvZGlv5wzOZvC7IBxTZJsBLKeUF+rNZW7IG+55VZgLEcQYisOoFiwg6GjoPaqlK2pxGz3BR3Y1 rH41tVw0UnxO0i4kMFCM1zZrppxOsSY/2hR3TqbX7qyZTKCIk3+whtDFYfcd6MA2x X-Google-Smtp-Source: AMrXdXtLYVc6TvW/Q5nmzpTWeXGfoMrxWvfYLCTO6SX8LJCZ+K4kERV6FMsSoWVhC2PSFBVPtyYjKQ== X-Received: by 2002:a17:907:9885:b0:870:7340:b770 with SMTP id ja5-20020a170907988500b008707340b770mr8612508ejc.54.1674074067156; Wed, 18 Jan 2023 12:34:27 -0800 (PST) Received: from mail.ancienthardware.org (2a02-a464-36da-fc--7f.fixed6.kpn.net. [2a02:a464:36da:fc::7f]) by smtp.gmail.com with ESMTPSA id e20-20020a170906249400b0084d4cb00f0csm12370904ejb.99.2023.01.18.12.34.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Jan 2023 12:34:26 -0800 (PST) Received: from arno by mail.ancienthardware.org with local (Exim 4.96) (envelope-from ) id 1pIF8c-00CxAr-0n for tuhs@tuhs.org; Wed, 18 Jan 2023 21:34:26 +0100 Date: Wed, 18 Jan 2023 21:34:26 +0100 To: tuhs@tuhs.org Message-ID: References: <202301180943.30I9hrOw030485@freefriends.org> <202301181513.30IFDDUJ015224@freefriends.org> <20230118151446.GD2964@mcvoy.com> <20230118161959.GE2964@mcvoy.com> <20230118163840.GF2964@mcvoy.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230118163840.GF2964@mcvoy.com> Message-ID-Hash: P5YYTCEGJ6KZLQL6V2RVMAZQXC4BP5YL X-Message-ID-Hash: P5YYTCEGJ6KZLQL6V2RVMAZQXC4BP5YL X-MailFrom: arno.griffioen@ieee.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tuhs.tuhs.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.6b1 Precedence: list Subject: [TUHS] Re: Maintenance mode on AIX List-Id: The Unix Heritage Society mailing list Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Arno Griffioen via TUHS Reply-To: Arno Griffioen On Wed, Jan 18, 2023 at 08:38:40AM -0800, Larry McVoy wrote: > Someone once told me that if they had physical access to a Unix box, they > would get root. That has been true forever and it's even more true today, > pull the root disk, mount it on Linux, drop your ssh keys in there or add > a no password root or setuid a shell, whatever, if you can put your hands > on it, you can get in. Until a few years ago, I would definitely agree. Done that regularly in the past. (and worked on lots of network gear too...) However.. Nowadays with a little effort you can make a bootable Linux machine that uses either a passphrase or some external key/dongle/fingerprint/etc. to unlock an encrypted root fs and additional filesystems. If you don't have those credentials, then it's going to be pretty tricky to access as you simply can't even access any of the encrypted filesystems to start with. Yes, you could probably get the initrd booted with a root shell and then wipe the machine/disk to then do what you want, but the original install is getting pretty hard to jump into with boot tricks these days. Bye, Arno.