Well, let's assume that the box does not have removable media. This scenario reminds me of a conversation a workmate and I had about self-destructing hard drives: wire the "case open" switch to a blasting cap embedded in C4 or magnesium surrounding the hard drive. And then use a rechargeable battery to keep the circuit powered. :)
What would be a cool LKM is doing a similar function in software; a self-destruct module that kicks off when someone changes the root password in single user mode and wipes the drive. Ok, it's Friday... :)

John Hebert

-----Original Message-----
From: Scott Harney
To: [email protected]
Sent: 9/19/03 12:03 PM
Subject: Re: [brlug-general] Is there a kernel patch to stop single user mode?

Mat Branyon <[EMAIL PROTECTED]> writes:

and a BIOS password can be bypassed as well. (remove the hard drive. reset the BIOS) better to just protect from physical intrusion unless your "threat model" is a relatively unskilled/unknowledgeable attacker that would be easily thwarted by a grub/lilo password.

> That being the case, a BIOS password would be needed as well. I could
> always pop in a knoppix cd and steal john's computer data ;)
>
> --mat
>
> On Fri, 2003-09-19 at 11:36, Kevin Bucknum wrote:
>> >
>> >Is there a way to stop someone with physical access to the box
>> >from booting
>> >into single user mode and changing the root password? I'm not
>> >interested in
>> >solutions that require setting a boot or poweron password in
>> >the BIOS. I'd
>> >like something that could be done in the Linux kernel, so as
>> >to apply to
>> >multiple platforms.
>>
>> Both Grub and Lilo have password options to prevent access. Downside is if
>> the machine has to reboot due to power issues someone will have to be at the
>> console. If the machine has bootable removable media then nothing will
>> prevent it however.
>>
>> _______________________________________________
>> General mailing list
>> [email protected]
>> http://brlug.net/mailman/listinfo/general_brlug.net

--
Scott Harney<[EMAIL PROTECTED]>
"...and one script to rule them all."
gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
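
An added example, not part of the thread: a small audit of the Grub and Lilo password options mentioned above. The directive names (`password`, `--md5`, `restricted`) come from the GRUB legacy and LILO documentation rather than from any of the posts, the sample configs are constructed, and the check only covers the boot loader, not the removable-media or BIOS-reset cases raised in the replies.

```python
import re

# Constructed sample configs (not taken from the thread).
GRUB_OPEN = """default=0
timeout=5
title Linux
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/hda2
"""
GRUB_LOCKED = "password --md5 $1$CONSTRUCTED$placeholderhashvalue000\n" + GRUB_OPEN
LILO_EVERY_BOOT = """boot=/dev/hda
password=constructed-secret
image=/boot/vmlinuz
    label=linux
"""
LILO_RESTRICTED = LILO_EVERY_BOOT.replace("image=", "restricted\nimage=", 1)


def _global_lines(text, section_start):
    """Yield directives that appear before the first per-entry section."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if re.match(section_start, line):
            return
        if line:
            yield line


def audit_grub_legacy(text):
    """Findings for a GRUB legacy menu.lst / grub.conf."""
    pw = [l for l in _global_lines(text, r"title\b") if re.match(r"password\b", l)]
    if not pw:
        return ["no-password: kernel line can be edited at the console"]
    # A global password blocks the entry editor and command line.
    return [] if "--md5" in pw[0] else ["cleartext-password: use 'password --md5'"]


def audit_lilo(text):
    """Findings for the global section of lilo.conf."""
    keys = {l.split("=", 1)[0].strip()
            for l in _global_lines(text, r"(image|other)\s*=")}
    if "password" not in keys:
        return ["no-password: boot parameters such as 'single' are accepted"]
    if "restricted" not in keys:
        # Without 'restricted' the password is asked for on every boot.
        return ["every-boot-password: unattended reboot waits at the console"]
    return []


if __name__ == "__main__":
    print(audit_grub_legacy(GRUB_OPEN), audit_grub_legacy(GRUB_LOCKED))
    print(audit_lilo(LILO_EVERY_BOOT), audit_lilo(LILO_RESTRICTED))
```

Because lilo.conf holds the password in cleartext, the file should also be readable by root only.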
