Does the laptop repair man have "Super User" privileges?
agp.cooper wrote 05/07/2019 at 13:00 • 2 points
I recently had my laptop repaired (broken power/IO board) and I forgot to give the repair guy my passwords. One to un-encrypt the disk and the other my user password. Now I got back my laptop and all good except Mint (Linux) appears to be reinstalled (?). I say that because a number of settings have been reset to defaults. For example, access to the /dev/ttyUSB0 (to use a USB serial adapter you have to set permissions after a reinstall). Also, the macro setting in LibreOffice had been reset (actually all the macros were gone!), and I had to reinstall some graphics libraries for compiling some of my programs. I also "think" there are some missing software icons on the desktop (but I am not sure).
So am I paranoid or not?
Discussions
But if you use LibreOffice and write macros, the macros are not stored in the file (like Excel) but in a .config sub-directory. So don't forget to copy the files from there as well. This has cost me a lot of time working out what went wrong.
AlanX
Oh, I have worked through what "I" did. I sort of forgot in the passage of time that it took to get it repaired, that I had reinstalled Mint just before I dropped the laptop. Yes I had done most of the reinstall, copied the files across, but I had not "fixed" all the protections and settings etc.
Monty Python! Wonderful. Yes, would not get past the SJWs today. Anyone for Benny Hill?
I am not worried, just puzzled that permissions were, let me say, "lost".
And yes, you are right that the partition is encrypted rather than the whole disk.
The last user in /etc/passwd is 1000 and is my user name. So no simple back door.
The install date from the link is correct. Perhaps I am confused.
Also, instead of changing the permissions on ttyUSB0, try adding yourself to the "dialout" group. That should give you R/W access to those devices.
sudo usermod -a -G dialout $USER
Yes this is what I did, but thanks.
Anyone with physical access to a system can get around normal password protections. At its simplest, they can remove the disk and mount it as an auxiliary disk on a different system and paw through the files.
That being said, if a disk is encrypted then there's no good way around that. Maybe the NSA can get through that, but I haven't heard of any user-level way to breach that level of security.
In many cases Linux is installed on a separate disk partition from the user data, and precisely for that reason: you can reinstall the OS without touching the user files. You can check this by opening a terminal and typing "df", and seeing whether /home is mounted on a different partition than "/".
Linux also allows users to encrypt their home directory while leaving the system in the clear, and it sounds like this is what you have. You can check the file-modified times on some of your system files to see if they've been changed; for example /etc/hostname would be a good file to check, or the modification time of applications that you know you installed before the repair.
If you really think the OS was reinstalled, wipe it and reinstall it yourself. You can save your user directory, reinstall the OS, and then copy the contents back - I've just done it this weekend and it works perfectly.
(It's convenient if the user number on the new system matches with the number on your existing system. In other words, check /etc/passwd and look at the user ID of your current login, the user number is probably 1000, and verify that the new system /etc/passwd has the new user ID number set at 1000 as well. Linux allocates user IDs sequentially from 1000, and sometimes installed programs generate a new user. If the ID numbers match then the copy will be flawless - if not, you'll have to get into root and manually set yourself as the owner of all your files after the copy. The command "chown -R user:user *" will do this.)
BestBuy is notorious for searching through customer files looking for evidence they can give to the police (child porn, terrorist plans, and so on), and also things they can use against you (nude pics of your wife, engineering plans to sell to China, and so on).
If a new OS was installed there is no way to tell whether binaries have been changed, there's a back door installed, or anything. Installing a backdoor that "phones home" to China would be entirely in line with what BestBuy has done in the past, and if you didn't use BestBuy it's even more likely that this was done.
And there's no way to tell.
Just go ahead and reinstall from known sources, then copy your home directory over. It takes a bit of time, but it's fairly seamless.
See here for more information:
https://security.stackexchange.com/questions/185027/full-disk-encryption-vs-home-folder-encryption-why-should-the-former-be-chosen
https://askubuntu.com/questions/1352/how-can-i-tell-what-date-ubuntu-was-installed
Also, Google is your friend. If you're uncertain about doing this, do some research on the net and go through some tutorials first.
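The checks suggested in the comments above (whether /home is a separate filesystem, who is listed in /etc/passwd, and whether system files changed after the drop-off), as an added shell example that is not part of the original thread. The function names, the `report` entry point and the sample date are made up for illustration, and the passwd check scans the whole file rather than only its last entry, which goes slightly beyond what the thread describes.

```shell
#!/bin/sh
# Added example (not from the thread). All function names are hypothetical.

# "separate" if the two paths sit on different filesystems, else "same".
# Defaults are the real paths; other paths can be passed for testing.
home_layout() {
    root_dev=$(df -P "${1:-/}" 2>/dev/null | awk 'NR==2 {print $1}')
    home_dev=$(df -P "${2:-/home}" 2>/dev/null | awk 'NR==2 {print $1}')
    if [ "$root_dev" = "$home_dev" ]; then echo same; else echo separate; fi
}

# Accounts to look at, scanning the whole passwd file: any UID 0 entry not
# named root, and any regular user (UID >= 1000, excluding nobody/65534)
# other than the expected login. Output is "name:uid", one per line.
unexpected_accounts() {   # $1 = expected login, $2 = passwd file
    awk -F: -v me="$1" '
        $3 == 0 && $1 != "root"               { print $1 ":" $3; next }
        $3 >= 1000 && $3 != 65534 && $1 != me { print $1 ":" $3 }
    ' "${2:-/etc/passwd}"
}

# Print each listed file whose modification time is newer than the reference
# file. mtimes can be reset by anyone with root, so an empty result is only
# an absence of evidence, not proof that nothing changed.
changed_since() {         # $1 = reference file, rest = files to test
    ref=$1; shift
    for f in "$@"; do
        find "$f" -prune -newer "$ref" -print 2>/dev/null
    done
}

report() {                # $1 = reference file stamped with the drop-off date
    echo "/ vs /home: $(home_layout)"
    echo "unexpected accounts: $(unexpected_accounts "$(id -un)" | tr '\n' ' ')"
    echo "changed since drop-off: $(changed_since "$1" /etc/hostname /etc/passwd | tr '\n' ' ')"
}

# Usage (date below is a constructed sample, substitute your own):
#   touch -t 201901010000 /tmp/dropoff && sh triage.sh report /tmp/dropoff
if [ "${1:-}" = report ]; then report "$2"; fi
```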