:Show me a disk that's _not_ removable. By your logic we would have _no_
:sguid/sgid binaries _ever._
:
:Physical access to a machine is always a security risk. Why would you
:treat easily-removable media any differently to slightly-harder-to-remove
:media? You still need to break into the vault to remove them.
:
:Joe
Well, I don't think this is a very fair argument. There are plenty of
situations where you might want to differentiate, even with physical
access.
For example, take PC's in a library. Lets say that the PC's get all
their critical stuff via read-only NFS mounts, but the library wants
to allow people to import and export files via the floppy drive. In
this example, there is a very definite distinction between a filesystem
on the floppy drive and 'everything else'.
Even when you throw a hard drive in, just because someone has physical
access to the outside of the machine does not necessarily mean that
he has physical access to the inside of the machine. Take, for example,
a supervised machine or machine which is 'locked down' and has a bios
password installed.
While it is certainly true that a person could eventually get physical
access into the machine, it is a significantly more difficult task and
therefore a significant distinction still exists between the data stored
on the hard drive and stored in, say, a floppy.
-Matt
Matthew Dillon
<[EMAIL PROTECTED]>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
