Re: single login

From: erik (erik_at_geenspam.vanwesten.net)
Date: 08/02/03


Date: Sat, 02 Aug 2003 20:06:52 +0200

Keith Keller wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In article <3f2baec3$0$49114$e4fe514c@news.xs4all.nl>, erik wrote:
>> Keith Keller wrote:
>>>
>>> - --Multiple levels of security. If the BIOS is password protected, then
>>> the case must be opened in order for damage to be done. But if runlevel
>>> 1 opens a root shell, damage is easy to wreak. If an attacker has
>>> only limited time to work on your box, the more time it takes to
>>> attack the less likely he'll succeed before he needs to cease his
>>> attack.
>>
>> And that is not a valid argument. Insert your own hd and you're off.
>
> Now, I could be wrong, but doesn't inserting your own hard disk involve
> opening the case? Perhaps you're more adept at opening a case than I
> am, but for me it's a lot faster to type at a keyboard than it is to
> open a case. (Though my new G4 case is fairly trivial to
> open--perhaps I should invest in a padlock.)

I'm not particularly adept at it, but a lot of students are. It takes
them 30 seconds to open a case and steal the RAM chips...

>
>>> If it were difficult for an admin to either set up /sbin/login in runlevel 1,
>>> or if it caused major problems, I could see reason not to do it.
>>> But it's easy and isn't terribly inconvenient, so it's worth doing.
>>
>> And as far as I can see it really doesn't help...
>
> It can help, if you don't want to use a lilo/yaboot password. If your
> primary concern is protecting the system from accidents, you don't
> particularly need a bootloader prompt (though it can't hurt, either).
>

You haven't seen the situation where you lost the root password for
whatever reason, have you?

EJ

-- 
Remove the obvious part (including the dot) for my email address
