On Tue, Mar 05, 2002 at 12:14:25PM -0300, Michel Loos wrote:
> On Tue, 2002-03-05 at 11:57, will trillich wrote:
> > On Sun, Mar 03, 2002 at 09:40:48AM -0800, Xeno Campanoli wrote:
> > > In the Trinity OS security recommendation they say to disable the ability
> > > to run init interactively by setting
> > >
> > > prompt=no
> > >
>
> This is the default in Debian (in lilo.conf) but it is not necessary,
> even if the guy in front of the computer types the usual:
> linux single
> he will not get root access to your computer without knowing the
> passwd. (At least on testing with a 2.4.x kernel).
>
> If he wants access, he can always boot on a floppy or CD and do whatever
> he wants to.
> You will have to disable (in the BIOS) floppy/CD booting AND put a BIOS
> passwd or all this is for nothing.
And you somehow have to block out somebody giving lilo
linux init=/bin/bash
as this will get him/her straight into a root shell.
Check the security howto: http://www.linuxsecurity.com/Security-HOWTO
HTH
--
http://www.karl.jorgensen.com
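As an added example (not part of the original thread), the check below audits a lilo.conf for images where anyone at the boot prompt could append parameters such as `init=/bin/bash` without a password. It relies on LILO's `password=`, `restricted`, `mandatory` and `bypass` options, which the thread does not name; the function name `audit_lilo` and the sample configuration are constructed for illustration.

```python
# Added example: flag lilo.conf images that accept boot parameters
# without a password. SAMPLE is a constructed config, not from the thread.
MODES = ("mandatory", "restricted", "bypass")

def audit_lilo(conf_text):
    """Return {label: finding} for every image=/other= section."""
    glob, sections, cur = {}, [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        key, _, val = line.partition("=")
        key = key.strip().lower()
        if key in ("image", "other"):            # starts a per-image section
            cur = {"path": val.strip()}
            sections.append(cur)
        else:                                    # global until first image=
            (cur if cur is not None else glob)[key] = val.strip().strip('"')
    report = {}
    for sec in sections:
        name = sec.get("label", sec["path"])
        has_pw = "password" in sec or "password" in glob
        # per-image mode overrides the global one; LILO defaults to mandatory
        mode = (next((m for m in MODES if m in sec), None)
                or next((m for m in MODES if m in glob), "mandatory"))
        if not has_pw or mode == "bypass":
            report[name] = "UNPROTECTED: boot parameters accepted without password"
        elif mode == "restricted":
            report[name] = "ok: password needed only when parameters are typed"
        else:
            report[name] = "ok: password needed for every boot"
    return report

SAMPLE = """\
# constructed sample
boot=/dev/hda
prompt
timeout=50
image=/vmlinuz
    label=linux
    read-only
image=/vmlinuz.old
    label=old
    password=CHANGEME
    restricted
"""

if __name__ == "__main__":
    for label, finding in audit_lilo(SAMPLE).items():
        print(f"{label}: {finding}")
```

Because lilo.conf holds the password in clear text, the file should be readable by root only, and `/sbin/lilo` has to be rerun after editing for the change to take effect.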