Re: Security Implications of running startx from command line - was Re: Startx: was Great Debian experience
On 21 March 2014 11:18, Darac Marjal <mailinglist@darac.org.uk> wrote:
> On Fri, Mar 21, 2014 at 11:06:03AM +0000, Robin wrote:
>> I may have missed something. If someone has physical access to your
>> machine can't they just power off and go into single user mode and
>> change the root password?
>
> Maybe, maybe not. Console access doesn't have to mean complete access.
> The scenario I always have in my head for these sorts of things is a
> Computer Lab at a university/college. You can allow anyone to come up
> and use the machine via the keyboard/mouse/VDU attached to it, but to
> counter the attack vector you mention, you simply lock the computer
> itself away in a secure cage under the desk. That also stops the
> "security vector" of someone simply picking up the machine and walking
> off with it ;)
>
Sorry my mail was a bit terse. I was referring to whether a DM is more
secure than startx when there is physical access to a machine.
--
rob
Reply to: