You guys are confusing physical security with boot security.
It is true that if you have physical access to a system, you can get around any boot security, but you are missing the point that every OS will eventually be used with a serial or console connection.
If someone compromises the console server (often easier than it should be) then they have console access without physical access. I would much rather have the minor inconvenience of single user requiring a password than make anything easier for a would-be cracker.
Nicholas Leippe wrote:
> On Thursday 26 April 2007, Stuart Jansen wrote:
>> On Thu, 2007-04-26 at 12:03 -0600, Nicholas Leippe wrote:
>>> On some distros, even single user asks for the root password. You can get past that by passing init=/bin/sh to the kernel. If you have /bin/bb, even better. Where to go from there is left as an exercise for the reader.
>>
>> Using init=/bin/sh on modern systems with udev, etc. is not for the faint of heart.
>
> Which is why I left it as an exercise for the reader. ;)
>
>> If your distro requires the root password to enter single user mode, it'd probably be easier to just boot from a rescue disk. SUSE is an example of an annoying[1] distro that requires the root password for single user mode, but in compensation the SUSE rescue disk is kinda snazzy.
>
> Likewise for Gentoo, on both accounts.
>
>> [1] If you have enough access to reboot into single user mode, you've got enough access to boot from alternative media or pull the drives. Requiring the root password doesn't do much to improve security.
>
> Yep. When there's physical access to the box, all bets on security are off.
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
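The console-access case raised in this thread can be checked from the defender's side. The script below is an added example, not code from any poster: it audits whether single-user mode prompts for the root password and whether the boot menu can be edited to add `init=`. It assumes a sysvinit `/etc/inittab` and a GRUB legacy `menu.lst` or GRUB 2 `grub.cfg`; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Each check reads a file path (real or a copy).

# sysvinit: is there an active (uncommented) runlevel-S entry running sulogin?
inittab_requires_sulogin() {
    grep -Eq '^[^#:]+:[^:]*S[^:]*:[^:]+:.*sulogin' "$1"
}

# GRUB legacy: a global "password" before the first "title" locks menu editing.
grub_legacy_has_password() {
    awk '/^[ \t]*title([ \t]|$)/    { seen = 1; exit }
         /^[ \t]*password([ \t]|$)/ { found = 1 }
         END { exit !(seen && found) }' "$1"
}

# GRUB 2: editing is restricted only with superusers set and a password defined.
grub2_has_superuser() {
    grep -Eq '^[[:space:]]*set[[:space:]]+superusers=' "$1" &&
        grep -Eq '^[[:space:]]*password(_pbkdf2)?[[:space:]]' "$1"
}

# Was this boot's kernel command line given an init= override?
cmdline_overrides_init() {
    grep -Eq '(^|[[:space:]])init=' "$1"
}

# audit INITTAB GRUBCFG CMDLINE: print findings; exit status = finding count.
audit() {
    n=0
    inittab_requires_sulogin "$1" ||
        { echo "single-user mode does not ask for the root password"; n=$((n + 1)); }
    grub_legacy_has_password "$2" || grub2_has_superuser "$2" ||
        { echo "boot entries can be edited without a password"; n=$((n + 1)); }
    if cmdline_overrides_init "$3"; then
        echo "kernel was booted with an init= override"; n=$((n + 1)); fi
    return "$n"
}

# Constructed sample configs (weak settings) written into directory $1.
make_samples() {
    printf '%s\n' 'id:3:initdefault:' '#~~:S:wait:/sbin/sulogin' > "$1/inittab"
    printf '%s\n' 'default 0' 'timeout 5' 'title Linux' \
        '  kernel /vmlinuz root=/dev/sda1 ro' > "$1/menu.lst"
    printf '%s\n' 'root=/dev/sda1 ro init=/bin/sh' > "$1/cmdline"
}

d=$(mktemp -d) && make_samples "$d"
audit "$d/inittab" "$d/menu.lst" "$d/cmdline" || echo "findings: $?"
rm -rf "$d"
```

On a real host the three arguments would be `/etc/inittab`, the GRUB config file and `/proc/cmdline`.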
