[Gllug] tips and tricks...

E. R. Vaughan e.vaughan at btinternet.com
Fri Feb 8 09:16:51 UTC 2002 

> Is that a Feature or a Bug?

Feature. You can stop people entering paramaters for the kernel by using the
"restricted" option in lilo. (IIRC, see man page)

> Doesnt that make my Win2k box more 'physically secure' than my linux box?

You have to understand if someone has physical access to your box it is "Game
Over". That is the bottom line and is the only point I posted this. What if
someone can boot a floppy or CD and rewrite the bits on your hard disk?

It doesn't matter if you are using Linux, 'doze or whatever. "physical
security" is a stupid phrase. Your best "physical" protection devices are
*social* and *pyschological* forces.

However, there are several steps you can take to "protect" your system:

* remove the ctrlaltdel line of inittab if you have this
* disable booting of floppy and CD in BIOS setup
* remove your floppy drive and CD drive
* use a system password in BIOS
* remove clear CMOS jumper from motherboard and rewire the tracks on the
motherboard.
* put your computer in a locked steel box.
* ask the receptionists to stop anyone with oxyacetylene torches entering the
building

It will ALWAYS be possible to get root on it if you are determined enough.
(Unless your disk is encrypted and perhaps even then.)

Emil


----- Original Message -----
From: "./michael" <m1k3oh at yahoo.com>
To: "Gllug" <gllug at linux.co.uk>
Sent: Friday, February 08, 2002 7:37 AM
Subject: [Gllug] tips and tricks...


On Fri, Feb 08, 2002 at 12:33:35AM +0000, Nix wrote:
>No need to do that.
>
>Pass
>
>init=/bin/sh
>
>to the kernel via the LILO command line, &c.
>
>Bingo, instant root prompt.
>
>(Of course you need physical access for this so it is not a security
>hole; someone with such access can already do anything.)

Youre Right! That works like a dream. I am well impressed but a 'little'
concerned too. Isnt that a security
risk? Is that a Feature or a Bug?

Doesnt that make my Win2k box more 'physically secure' than my linux box?

Cheers Folks,

.::Michael


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


--
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug

More information about the GLLUG mailing list