On 2003.09.19 11:13 John Hebert wrote: > Is there a way to stop someone with physical access to the box from booting > into single user mode and changing the root password? I'm not interested in > solutions that require setting a boot or poweron password in the BIOS. I'd > like something that could be done in the Linux kernel, so as to apply to > multiple platforms. > > Thanks, > John Hebert >
I'm not sure what you want to accomplish. Physical access is hard to secure against. If I have physical access, I can boot off a floppy, a CD or steal your hard disk and read it at home in my spare time. A carefully prepared CD can load up a system with keyloggers, zombies and all the badness of Internet Exploder. A dual boot machine that is booted into windoze can erase all linux partitions, including the kernel. Of course access like that can be followed, with a little care, by selective edits. A Linux bios, with proper root passwords may offer some protection but all is lost when control is passed to an alternate kernel.
