On Friday 14 March 2003 09:23 am, jokerman64 wrote: > On Friday 14 March 2003 6:58 am, Han Boetes wrote: > > Chmouel Boudjnah <[EMAIL PROTECTED]> wrote: > > > Han Boetes <[EMAIL PROTECTED]> wrote: > > > > That's a local exploit. I can think of a few other local > > > > ``exploits'' as well, like booting in single user mode. > > > > > > ???? this is not a exploit if you can _boot_ in single user mode it's > > > mean you have acess to the hardware and if you have access we cannot > > > do anything of security for you. > > > > Ahem, you are right. :) > > > > > > > > # Han > > I disagree, i don't think that if you go into single user mode that you > should be root. You should still have to log in. The argument that someone > has physical access to your computer thus making it your problem and not an > exploit is IMHO fallacious. No one should be able to get root that easily.
So set a bios password or a bootloader password if you are worried about physical security, because simply having someone not log in as root by single mode won't save you from a bootdisk anyway. Having a password in single mode would be useless as a means of physical security. Set your bios with a pw (edit pw, not a boot pw - after all you don't want to have to enter a pw every time you boot - that sucks), set your bios to only boot from HD. Now in lilo set it restricted so that someone with physical access can't give options to lilo bootparams without supplying a password. Now no one can use a bootdisk to get around OS security, and no one without the password can boot single mode. Problem solved. -- Jason Straight [EMAIL PROTECTED] icq: 1796276 pgp: http://www.JeetKuneDoMaster.net/~jason/pubkey.asc
