On Tuesday 25 March 2008, Liviu Andronic wrote: > > But you can boot from a LiveCD, mount your harddrive, chroot and > > then give root another password. > > But then, conventional passwords are as useless. One needs no more > than physical access to the computer, a LiveCD and a couple minutes > in order to become the super user of your system. Basically, the > password seems useful only to know whether anyone has changed it > behind your back.
Let me guess - you own a notebook and most of your exposure to running a computer is limited to that, and you have never administered a real server somewhere, right? It's very very easy to keep your servers safe from physical access attacks - make sure the bad guys can't touch it. This is so easy to do it's laughable - we use a locked door. The only people who have a key are those who have to root password anyway. On a notebook, there isn't an OS in existence that is immune to a LiveCD. If this concerns you, apply some biometrics and encrypted filesystem patches. Or stop using notebooks. Or stop using computers that someone else can touch. -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
