A server cannot be considered secure unless physical access to it is controlled. That is why companies are spending so much money to secure their computer rooms and control access to them. Avi --On Monday, February 26, 2001 20:49 +0100 Sascha Kloss <01725832094@d2mail.de> wrote:
Hello
I recently bought 7.1 pro and forgot my root password. It was terrible. Anyway, after a bit thinkin' I took out the CD 2 and started the 'rescue system'. With that I had FULL ACCESS on MY HDDs!! Even /etc/pwd... . I created a new user with no password and root privileges. With that I edited the root pwd and ...
ping-- There is my new root pwd.
Isn't this a security hole. Let's say Microsoft's WEB-Server's runnin' Linux and I would have 10 Minutes physical access and my CD 2 with me. Then I could change the ROOT pwd.
Sascha
-- Avi Schwartz avi@CFFtechnologies.com