Re: Security Question: require root passwd for single user mode login?


Subject: Re: Security Question: require root passwd for single user mode login?
From: Michael A. Peters (Moonglue@141.com)
Date: Mon Aug 28 2000 - 16:49:57 MDT


Why make it easier?

It is possible to physically lock down a box. Hardware exists just
for that. Even my Beige G3 has a place to put a lock to keep the case
closed. Many ATX boxes have even better locking mechanisms. In such a
situation, it is very difficult for someone who does in fact belong
at company xyz to swap out a hard drive without people looking at him
funny.

Physical security is always an issue, but why make it easier for
someone than it has to be?

The more someone has to go through in order to root the box or steal
the data on it, the less likely he is to succeed unnoticed, and
the less tempting it is for him to do so.

It's not that other distros go out of their way to make their distro
more secure; what really bugs me is that Red Hat goes out of its way
to make their distro less secure!

Require the root password for single user. Require one to be root to shut down.
Nobody else has any business in single user or shutting down. Why
then blatantly allow no-password root access and non-root shutdown?

>"Michael A. Peters" wrote:
>
> > NOT requiring a password to boot single user is a Red Hat thing, and
> > it sucks for physical security.
>
>Access to the console, period, sucks for physical security. Don't ever
>assume just because single user mode is password protected that it will
>stop anyone getting in.
>
>Just boot off alternate media like a CD or floppy and mount the root
>filesystem - you're in. If you password protect the BIOS, just take the
>hard drive out and put it in another machine for a few minutes until
>you're in. If you have physical access to the machine, you're in - the
>best security is lock and key.
>
>Regards,
>Graham
>--

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Michael A. Peters-- http://24.5.29.77/Linux_Pages/
                                http://www.omnilinux.com/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
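
Added example, not part of the original message or of any distribution's tooling: a shell check for the two settings argued for above, assuming a SysV-init `/etc/inittab` (`id:runlevels:action:process`). The sample entries are constructed, and `shutdown -a` on the `ctrlaltdel` line is used here as the stand-in for restricting who may shut the box down from the console.

```shell
#!/bin/sh
# Audit inittab text on stdin. Prints one OK/FAIL line per check.
audit_inittab() {
    content=$(cat)

    # Single-user mode: a runlevel-S entry that runs sulogin makes init
    # ask for the root password before handing out a shell.
    if printf '%s\n' "$content" |
        grep -Eq '^[^#:]*:[^:]*[Ss][^:]*:[^:]*:[^#]*sulogin'; then
        echo "OK   single-user: runlevel S runs sulogin"
    else
        echo "FAIL single-user: no sulogin entry, root shell without password"
    fi

    # Ctrl-Alt-Del: with -a, shutdown only proceeds if root or a user
    # listed in /etc/shutdown.allow is logged in on a console.
    ctrl=$(printf '%s\n' "$content" |
        grep -E '^[^#:]*:[^:]*:ctrlaltdel:' || true)
    if [ -z "$ctrl" ]; then
        echo "OK   ctrlaltdel: no entry for init to run"
    elif printf '%s\n' "$ctrl" | grep -Eq '[[:space:]]-a([[:space:]]|$)'; then
        echo "OK   ctrlaltdel: shutdown -a consults /etc/shutdown.allow"
    else
        echo "FAIL ctrlaltdel: anyone at the keyboard can reboot"
    fi
}

# Constructed sample: no sulogin entry, unrestricted Ctrl-Alt-Del.
sample_weak() {
    cat <<'EOF'
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l1:1:wait:/etc/rc.d/rc 1
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
EOF
}

# Constructed sample: same file with both settings tightened.
sample_hardened() {
    cat <<'EOF'
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
~~:S:wait:/sbin/sulogin
l1:1:wait:/etc/rc.d/rc 1
ca::ctrlaltdel:/sbin/shutdown -a -t3 -r now
EOF
}

echo "== weak ==";     sample_weak | audit_inittab
echo "== hardened =="; sample_hardened | audit_inittab
```

On a real host the same function can be fed the live file with `audit_inittab < /etc/inittab`.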
  



This archive was generated by hypermail 2a24 : Tue Aug 29 2000 - 02:02:14 MDT