RE: Problems with root on network clients

["Alex Swavely" <aswavely@softwarerevolution.com>]

Pretty basic: remove the floppy drives (or if your users really need them -
don't know why - disable them booting in bios).  Set a bios boot password
and a bios change password (to different things, of course.)

Finally, there usually is this nice tab with a hole sticking out the back of
many cases these days.  Put a padlock on the tab and nobody gonna open that
thing without a bit of hassle.

-----Original Message-----
From: Alex Pires de Camargo [mailto:acamargo@linux.ime.usp.br]
Sent: Thursday, November 23, 2000 2:08 AM
To: debian-security@lists.debian.org
Subject: Problems with root on network clients


	Hi!
	I administer a network with server and clients Debian based,
and would like to know if I can solve this problem.
	It's a little easy to an user open a PC, damage the batteries,
boot with floppy and login as root in a client. But one thing is
undesirable. He can do su - <users> and do many things on users
homes. The rootsquash options on nfs solve the problem when the
user is root, but as I explain, this is not sufficient.
	Is there anything I'm forgetting to make? On server I run
potato, nis (not nis+), nfs-kernel-server.
	Thanks,

				Alex.


--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org