Neale Banks writes: > On Sat, 1 May 1999, Desync wrote: > > If someone really wanted to do some damage with physical access to a > > machine, popping a rescue disk set into the drive and rebooting with the > > reset switch would do fine. > > Agreed: there is much to be said for the assertion "physical access == > game over". Keyboard + monitor != floppy drive + reset switch. It's simple enough to secure a system inside a locked cabinet and only have a keyboard and monitor outside. Furthermore, if you put a bios setup password (and binary edit your flash to change the !@#!@# backdoor password) and password lock your boot manager (in this case, it would be LILO) someone with keyboard access cannot do anything. Unless, of course, a braindead boot-script gives them some kind of root access. Another (generally fixed now) example would be boot-time fsck(8). Administrators take heed: Read your bootscripts. Make sure they "Do the Right Thing" in case of errors. --Dan
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:45:05 PDT