Martin wrote:
> you can password protect LILO, so that no options can be passed at the
> prompt without supplying the password...
Storing a password in clear text in /etc/lilo.conf seems like the worst
possible solution. Even if I 'chmod 0600 /etc/lilo.conf' I have complete
faith in the ability of a determined undergraduate student, with copious
amounts of spare time, to find a way to subvert the file permissions. Hence
gaining the 'boot time' password, booting in single user mode and wreaking
havoc on the world at large.
Perhaps I could add the password option to lilo.conf, run lilo, then remove
the password option... does lilo store the password on the MBR? If so, is it
encrypted?
> you will also want to password protect the bios to prevent people from
> booting off floppies etc. and bypassing your security
Yes, this is our current policy.
Shaun
--
Shaun Cloherty
Graduate School of Biomedical Engineering
University of New South Wales
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
