
Re: SECURITY PROBLEM: autofs [all versions]



On Sat, Jul 01, 2000 at 08:55:10AM -0400, Daniel Burrows wrote:
> On Sat, Jul 01, 2000 at 10:19:39AM +0200, Thor <thor@tech-center.com> was heard to say:
>   ..unless, of course, the machine's owner has disabled floppy boots..in which
> case, you have to open the thing up and reset the BIOS; if the machine is in
> an environment with someone watching what's going on (eg, a school computer
> lab), this is fairly suspicious behavior and likely to bring unwanted
> attention..

	 . . . and if you have it *locked* and someone comes in with 
a pair of bolt cutters, and you have *cameras* in every room.
	Back to the software side, it is also wise to disable boot from
anything but your desired boot partition, put a password on the BIOS,
then change your /etc/lilo.conf to be restricted (requiring a password
to pass options to it) and make it readable (and writable) only by
root.
	On top of that, we have our Linux-only machines set up so
that ctl-alt-del spits up a message saying "This is a Linux-only 
machine", and the power and reset buttons are disabled, as well
as the magic sys request keys.
	Oh yeah, we also don't use autofs for user mountable
or removable media.

-- 
Key fingerprint = 9C 6F 99 52 BF 97 C7 44  6F E3 4F 6E C6 2A 20 9F
http://www.nmt.edu/npsimons/
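
Added example, not part of the original message: a shell check for the software-side settings listed above (a lilo.conf that carries both password= and restricted, access to that file limited to its owner, and magic SysRq turned off). The function name, its optional second and third arguments, and the FINDING output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Usage: audit_boot /etc/lilo.conf
# Optional args 2 and 3 (SysRq control file, expected owner uid) exist for testing.
_bad=0
note() { echo "FINDING: $*"; _bad=1; }

audit_boot() {
    conf=$1
    sysrq=${2:-/proc/sys/kernel/sysrq}
    want_uid=${3:-0}
    _bad=0

    if [ ! -f "$conf" ]; then
        note "$conf not found"
        return 1
    fi

    # Strip comments and surrounding whitespace before matching directives.
    body=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$conf")

    # password= sets the secret; restricted asks for it only when boot
    # options are typed at the prompt. Global or per-image use both count.
    printf '%s\n' "$body" | grep -Eq '^password[[:space:]]*=[[:space:]]*[^[:space:]]' ||
        note "no password= directive in $conf"
    printf '%s\n' "$body" | grep -Eq '^restricted$' ||
        note "no restricted directive in $conf"

    # The password sits in the file in clear text: owner-only access.
    mode=$(ls -ldn "$conf" | awk '{print $1}')
    uid=$(ls -ldn "$conf" | awk '{print $3}')
    case $mode in
        ????------*) ;;
        *) note "$conf is accessible to group/other ($mode)" ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        note "$conf is owned by uid $uid, expected $want_uid"
    fi

    # 0 in the SysRq control file means the magic keys are disabled.
    if [ -r "$sysrq" ] && [ "$(cat "$sysrq")" != 0 ]; then
        note "magic SysRq is enabled ($sysrq)"
    fi

    [ "$_bad" -eq 0 ]
}
```

The function prints one line per finding and returns non-zero if any were found; BIOS settings and the ctrl-alt-del handler are outside what it inspects.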
