On Tue, Oct 16, 2001 at 07:45:15AM +0000, Yuwen Dai wrote: > Hi, ALL > > For the sake of security, how to disable the `single' parameter when > booting? just out of curiosity, do you also have the case inaccesible, and boot media disabled and the bios protected? I have always been of the impression that if you have physical access to a box, you have root. To what extent is this true? How well can you really lock down a box when your attacker has physical access? I guess there are several answers to this question, depending on the level of physical access. I can imagine a few levels of interest: *access to power but not the inside of the machine (like in a lab) *access to the removeable drives, but not the inside of the machine *access to the inside to put in more devices (like a floppy or another drive) *access to the inside to remove devices (like your hard drive) and another machine to put them in for analysis Is it really possible to deny root in the first two cases? I'm nearly positive it's not possible in the second two, but I've never come across a really secure box. -ben -- Ben Hartshorne ...Discarding smoothly, as we disembark, ben@hartshorne.net All thoughts that held us wiser for a moment ben.hartshorne.net Up there, alone, in the impartial dark. -M. Oliver My PGP key is at /pgp.txt. Please encrypt all communications.
Attachment:
pgpbMzFUHYPPf.pgp
Description: PGP signature