On Fri, 31 Mar 2006, [EMAIL PROTECTED] wrote:
On Fri, 31 Mar 2006 09:21:13 EST, Michael Holstein said:
Trivial to defeat. Just boot in to single user mode with these kernel
options:
single init=/bin/bash
Again .. only due to initial misconfiguration.
Nobody should allow alternate switches to be passed to the kernel at
boot .. either by password-protecting the bootloader, or via firmware
(as with OpenBoot).
Of course, if you're that paranoid, you *did* configure whatever the machine
uses for a BIOS to only boot off the intended hard drive, right? ;)
In which case the person needs to remove the hard drive, and put it into a
different system for the modifications (or mirroring).
For the most part, if an attacker has physical access to the hardware
itself, you just lose.
--
Greg
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
