
Re: Passwordless root shell is offered when boot problem occurs.



Thank You for Your time and answer, Arno:

>> Hmm. I thought everybody has the same OS behavior in such
>> condition... And the problem here is only improper/default
>> configuration.
>
>That could very well be, but I haven't had a boot problem in years
>(well, except when trying out systemd). A standard Debian config should
>not offer a passwordless root shell unless you explicitly ask for it,

Oh, no! I didn't! :)

Do You have an idea where to look for that? - I have no ideas,
absolutely.

>Early boot messages should be found in /var/log/boot, but bootlogd
>seems very hit&miss on my systems. Filesystem checks are logged
>in /var/log/fsck.

Same here.

>It's not about emergency situations, although it certainly can be used
>as such. It's about access: if anyone has physical access to your
>machine, there are so many ways to access your system that it is silly
>to protect against one of them.

That's right. But it is just a link in a chain of undertakings to
protect the computer totally or, to make one's life harder. :)

On the other hand, if we pursue this idea - that physical access makes a
host absolutely undefended - we can let the root account be
password-less - why worry?

I understand the things You are speaking about - but I want to do all I
can to make it more secure - even having physical access to the host.

>So yes, protecting yourself from physical attacks by insisting on a
>root password is abnormal behaviour. How are you going to prevent an
>attacker from opening your PC and connecting the harddisk to his own
>machine?

Probably, to supply a dynamite? :) - I think it goes beyond Debian
security, doesn't it?

>> - and in case I want to commit
>> what I have targeted, I have to develop the solution myself (that is
>> there is no config. file where I might simply turn on the password
>> prompt for root shell in such cases)?
>
>In short, yes. If you really want to be that paranoid (and there are
>good reasons for it, especially on laptops), you should be looking at
>encryption as your solution (dm-crypt, truecrypt, bitlocker), not
>passwords.

Oh, OK... Thanks again.

