Message from Mikkel L. Ellertson on Mon, 26 Mar 2001, 12:14 <-0600>:
> On Mon, 26 Mar 2001, Wolfgang Pfeiffer wrote:
>
> > Just read the thread on how to create a new password for root (entering
> > single user mode, writing "linux single" at the lilo prompt then typing
> > "passwd" etc. ...
> >
> > How can I prevent this, because this possibility (as convenient it may be
> > for a poor admin having lost his password) basically leaves my system
> > vulnerable for every creep knowing the trick, too ...
> >
> > Please tell me someone I'm wrong ...
> >
> > Regards.
> > Wolfgang.
> >
> >
> Yo are basicly at the mercy of anyone that can get at the physical
> console. There are ways you can protect yourself to some extent.
>
> Password protect LILO - for each boot lable, or to enter options
> at the LILO prompt.
> Disable booting from anything except the hard drive.
> Do not have DOS or Windows on the machine. (Loadlin lets me boot what I
> want and get full access.)
> Set BIOS passwords for setup, and booting.
.. that's what I did, but I have just studied my motherboard manual:
AFAIUI anybody having access to the CMOS pins there simply can jumper away
my passwd for booting (because one of the jumper settings there says:
'Clear CMOS data' (thanks, Bret ...) ... long live progress, or so ....
:-/
Regards.
Wolfgang
> Lock the case of the machine.
> Lock the machine to an inmovable object.
> Restrict physical access to the machine.
>
> Basicly, if someone can get at the machine itself, knows what they are
> doing, and has enough time, they will get in.
>
> Know your cleaning staff, and any maintence workers that work when the
> building is otherwise deserted. I have lost cound of the offices,
> banks, and computer rooms I have had unrestricted access to just because
> I was an electrician doing work after hours. It is a good thing I am
> honest - imagine what I could do with a BBC CD in my pocket...
>
> Mikkel
>
--
html-mail sent to me will discover digital Nirvana ... :)
( ... >/dev/null, or wherever it is ...)
http://www.geocities.com/wolfgangpfeiffer
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
