
Re: to allow root logins or not?



On Sat, 2007-04-21 at 12:45 -0400, Douglas Allan Tutty wrote:
> On Sat, Apr 21, 2007 at 12:21:52PM -0400, Greg Folkert wrote:
> > On Sat, 2007-04-21 at 17:18 +0300, Linas Žvirblis wrote:
> > > Douglas Allan Tutty wrote:
> > > 
> > > > If something happens during boot and you want to boot single, /home
> > > > isn't mounted and only root is allowed to log in.  If there is no root
> > > > user, how does this happen?
> > > 
> > > This one is a nasty surprise. You will be given a root prompt _without_
> > > being asked for password. This looks more like a bug, rather than a
> > > feature, to me.
> > 
> > Physical security. If they have the console, they have the machine. IMO.
> > 
> > *They* can bring in bootable media. Change the root password from there
> > or add another stealth user with UID 0... then you *ARE* screwed.
> > 
> 
> [snip useless attempts at blocking physical access]

If they have the console, they can and will be able to compromise the
machine NO MATTER the steps you have taken on the machine level.

Keeping an attacker away from the CONSOLE is the ONLY way to keep them
from compromising the machine through physical attacks. If they can
touch the keyboard and have physical access to the machine's
internals... There is literally no amount of measures you can take to
keep them out of the machine.

There is one measure that (nearly) always works... LOCKED DOORS to a
secure facility. If you have to have people in and out of the facility,
you better have some kind of access control in place with logging (and
cameras).
-- 
greg, greg@gregfolkert.net

Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup
