On Friday 14 March 2003 06:45 am, Guillaume Cottenceau wrote:
> Henri <[EMAIL PROTECTED]> writes:
> > on critical apps, on drakconf tools ecc. or not ? Perhaps this
> > would avoid big holes like the shutdown one, no ?
>
> The shutdown problem is not a big hole. It grants local root
> access only for people with a login on the "physical" machine
> (console login). Securing those machines is already "something"
> since you at least need to password-protect the bootloader (and
> forbid booting from floppy/cdrom/network) and encrypt the
> partitions. Not to say it's non-important, but it's not a problem
> for servers, so to say.
This is true besides under windows using fat32 or ntfs even with it encrypted
you an still access the data.
For this to happen you would have to invite somebody into your server room,
office or home and let them take a whack at hacking your system.
--
-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
Brook Humphrey
Mobile PC Medic, 420 1st, Cheney, WA 99004, 509-235-9107
http://www.webmedic.net, [EMAIL PROTECTED], [EMAIL PROTECTED]
Holiness unto the Lord
-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
