On Friday 03 October 2008 16:48:06 Simone Piccardi wrote: > Donald A. Tevault wrote:
> > You'll also want to emphasize the importance of physical security in > > this regard. If an attacker can get physical access to a machine, he > > can just boot off of a live Linux CD, mount the harddrive, and get > > whatever he wants with full root privileges. All the bootloader > > security in the world won't mean a thing in this instance. > > That's why I have some doubts about the usefulness of a bootloader > password, because to give the password you need physical access. It's useful in cases where a somewhat trusted person has access to the local console but not the physical hardware box. Then they can select different boot options, but not different boot media and are thus limited to booting only those kernels that are already there. So a boot loader password does have some uses, they are limited in scope and have to be used together with common sense. They do absolutely nothing to stop the local admin above from entirely disabling selinux for example. -- alan dot mckinnon at gmail dot com _______________________________________________ lpi-examdev mailing list lpi-examdev@lpi.org http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
