"Walter Dnes" <waltd...@waltdnes.org> writes: > On Sun, Mar 29, 2015 at 12:43:12PM +0200, lee wrote > >> That leaves the question why a user who isn't even logged in should >> be able to reboot, which IIRC they can by default with Ctrl+Alt+Del. >> Such users shouldn't be allowed to do anything but to log in. > > As the old saying goes... "If you don't have physical security, you > don't have any security". A malicious person at the physical keyboard > of the machine could just as easily yank the power cord of out of the > wall, insert a USB key into the machine, plug the machine back in, boot > up from the USB key, and copy over malicious binaries.
It's not logical to provide ppl who want to copy over malicious binaries with an easy way to reboot the machine in order to do so. -- Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.
