On Friday 14 March 2003 10:11 am, Adam Williamson wrote:
> Not entirely. You also have to lock your case shut somehow to stop
> someone opening it up and flicking the BIOS reset...
>
> Anyway, in regards to the original bug, this isn't purely a local
> exploit, surely? Doesn't it also apply to someone ssh'ing in from a
> remote site? i.e., I could give a simple user account to someone in
> Australia, thinking it's safe, and they could then ssh in and use this
> exploit to get a root shell?

Yeah, I just wasn't going that in depth. Of course for real physical security, you should install your systems inside a Faraday cage so no one can use eavesdropping methods to get your passes too. Just the point that single mode isn't really a weakness, no more than being able to run bash as root is. If someone is allowed to get to single mode without supplying some form of security authentication then the administrator has already failed his job of being physically secure. May as well just log in as root at the console and leave it unlocked that way. :)

--
Jason Straight
[EMAIL PROTECTED]
icq: 1796276
pgp: http://www.JeetKuneDoMaster.net/~jason/pubkey.asc
