Still, it would perhaps be somewhat comforting to be able to disable EASY access to a "mission critical" system.
What about further disabling of access to /etc/passwd? Does SELinux take any such steps? (Ok, I could look into this by reading TFM. Apologies). Alan On 4/16/06, Alexander Skwar <[EMAIL PROTECTED]> wrote: > Alan E. Davis wrote: > > I helped a friend install Ubuntu GNU/Linux on his laptop, he left > > town, forgot his passwords, and I promised to breakin for him, so he > > can re-do his passwords. Told him all I have to do is run Knoppix, > > access his partition, and delete the little x in the password file. > > Then he would reset his root password in be back in business. > > > > He felt betrayed. I understand why, I think: what's secure about > > GNU/Linux if anyone can boot the system and reset his passwords? > > That's NOT a Linux problem. If you've got physical access, > you can easily break in (same for Windows, BTW). > > > I said, Dunno. I'll ask on the Gentoo list. > > > > How can anyone easily avoid the problem of anyone being able to access > > the guts of his machine using a live CD? > > Remove CD-Rom. > Put Computer in a solid box which cannot (easily) be opened, > so that it's "impossible" to attach an external CD-Rom. > > > I already thought of one: > > use the BIOS to disallow booting from a CD or Floppy, and set a > > password on the BIOS. > > Most BIOS support either a "master password" > or a way to reset a password (some pins on the > motherboard). > > > Don't know whether all BIOSes will allow this, > > and anyway, isn't it possible on a lot of motherboards to short out > > the EPROM and thus reset the password of the BIOS? > > Yes. > > Alexander Skwar > -- > Hey Satan, didja hear the news? A war just broke out up on earth. > > Meet Saddam Hussein, my new partner in evil. > -- > [email protected] mailing list > > -- [email protected] mailing list

