[gentoo-user] Security from non-authorized logins

2006-04-16 Thread Alan E. Davis
I helped a friend install Ubuntu GNU/Linux on his laptop, he left town, forgot his passwords, and I promised to breakin for him, so he can re-do his passwords. Told him all I have to do is run Knoppix, access his partition, and delete the little x in the password file. Then he would reset his

Re: [gentoo-user] Security from non-authorized logins

2006-04-16 Thread Willie Wong
On Sun, Apr 16, 2006 at 09:54:33PM +1000, Penguin Lover Alan E. Davis squawked: He felt betrayed. I understand why, I think: what's secure about GNU/Linux if anyone can boot the system and reset his passwords? That is the same regardless of operating system. Physical access == no security.

Re: [gentoo-user] Security from non-authorized logins

2006-04-16 Thread Jed R. Mallen
On 4/16/06, Willie Wong [EMAIL PROTECTED] wrote: On Sun, Apr 16, 2006 at 09:54:33PM +1000, Penguin Lover Alan E. Davis squawked: He felt betrayed. I understand why, I think: what's secure about GNU/Linux if anyone can boot the system and reset his passwords? That is the same regardless

Re: [gentoo-user] Security from non-authorized logins

2006-04-16 Thread Alexander Skwar
Alan E. Davis wrote: I helped a friend install Ubuntu GNU/Linux on his laptop, he left town, forgot his passwords, and I promised to breakin for him, so he can re-do his passwords. Told him all I have to do is run Knoppix, access his partition, and delete the little x in the password file.

Re: [gentoo-user] Security from non-authorized logins

2006-04-16 Thread Alan E. Davis
Still, it would perhaps be somewhat comforting to be able to disable EASY access to a mission critical system. What about further disabling of access to /etc/passwd? Does SELinux take any such steps? (Ok, I could look into this by reading TFM. Apologies). Alan On 4/16/06, Alexander Skwar

Re: [gentoo-user] Security from non-authorized logins

2006-04-16 Thread Alexander Skwar
Alan E. Davis wrote: Still, it would perhaps be somewhat comforting to be able to disable EASY access to a mission critical system. Put them in a server room. Make sure, that only trusted people have a key to that server room. What about further disabling of access to /etc/passwd? Does

Re: [gentoo-user] Security from non-authorized logins

2006-04-16 Thread Rumen Yotov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Alan E. Davis wrote: Still, it would perhaps be somewhat comforting to be able to disable EASY access to a mission critical system. What about further disabling of access to /etc/passwd? Does SELinux take any such steps? (Ok, I could look

Re: [gentoo-user] Security from non-authorized logins

2006-04-16 Thread Norberto Bensa
Alan E. Davis wrote: He felt betrayed. I understand why, I think: what's secure about GNU/Linux if anyone can boot the system and reset his passwords? Oh C'mon! Like you NEVER did the same on a Windows box. YES, you can do something similar on NT/2K/XP/Whatever... Encrypt your filesystems

Re: [gentoo-user] Security from non-authorized logins

2006-04-16 Thread Boyd Stephen Smith Jr.
On Sunday 16 April 2006 06:54, Alan E. Davis [EMAIL PROTECTED] wrote about '[gentoo-user] Security from non-authorized logins': I helped a friend install Ubuntu GNU/Linux on his laptop, he left town, forgot his passwords, and I promised to breakin for him, so he can re-do his passwords. Told