Donald A. Tevault wrote: >> Date: 01 Oct 2008 17:21:59 -0400 >> From: "G. Matthew Rice" <[EMAIL PROTECTED]> >> Subject: [lpi-examdev] 303 Security exam objectives >> To: lpi-examdev@lpi.org >> Message-ID: <[EMAIL PROTECTED]> >> Content-Type: text/plain; charset=us-ascii > >> 2. bootloader security >> >> There must be more to it that 'put a password on it' :) >> >> > There is another aspect to this that I just thought of. > > You'll also want to emphasize the importance of physical security in > this regard. If an attacker can get physical access to a machine, he > can just boot off of a live Linux CD, mount the harddrive, and get > whatever he wants with full root privileges. All the bootloader > security in the world won't mean a thing in this instance. >
That's why I have some doubts about the usefulness of a bootloader password, because to give the password you need physical access. Ciao Simone -- Simone Piccardi Truelite Srl [EMAIL PROTECTED] (email/jabber) Via Monferrato, 6 Tel. +39-347-1032433 50142 Firenze http://www.truelite.it Tel. +39-055-7879597 Fax. +39-055-7333336 _______________________________________________ lpi-examdev mailing list lpi-examdev@lpi.org http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
