> And a boot disk will bypass this and any other options you put in lilo.
> The only way to secure a machine it NOT to allow physical access.
> If they know about linux single they know how to use a boot disk.
> You are just kidding yourself if you think your machine is secure.
A boot disk will bypass this, but you can always disable booting from
a floppy -- 95% of the BIOSs can do that. Then you'll have to somehow
secure the box so that noone opens it and simply resets the BIOS with
a paper clip :) (But they'd have to be familiar with the motherboard).
But even then, people can use programs that run under dos-windoze to reset
the BIOS -- I've tried this with several different BIOSs with a _lot_ of
success!
You are right, of course, that a machine can never be totally safe from
people with physical access to it. But the latter is required for what
Tom Diehl described, a student lab(?). And I can't easily imagine students
breaking machines open just to find their way to root privs on a single
workstation :-).
Regards,
Stelios.
--
"Men of lofty genius are most active
when they are doing the least work".
-- Leonardo da Vinci
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject.
