Carl Hartung wrote: > Encouraging insecure practices is not a successful > competitive strategy because it moves you farther away from the goal instead > of closer to it.
When you see this as being insecure, what about GRUB not being password protected by default? init=/bin/bash gave me immediate access to the system last time I tried. Once you are at it, you should also require people to secure their BIOS with a password and deactivate booting from removable media/network. Because both methods will give an attacker full access without having to use a screwdriver (those are another matter). If (and only if) the user has adequately secured both his BIOS and his boot loader he can start worrying about auto login, which does _not_ give you full control over the system, in contrast to the other two. I think that it is safe to assume that every user that secures his BIOS and boot loader is also clever enough to turn off auto login. Regards nordi --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
