Mailinglist Archive: opensuse (6210 mails)
Re: [opensuse] Routing Root's Mail to Another User
- From: nordi <nordi@xxxxxxxxx>
- Date: Sun, 09 Oct 2005 15:41:02 +0200
- Message-id: <43491DEE.1040509@xxxxxxxxx>
Carl Hartung wrote:
> Encouraging insecure practices is not a successful
> competitive strategy because it moves you farther away from the goal instead
> of closer to it.
When you see this as being insecure, what about GRUB not being password
protected by default? init=/bin/bash gave me immediate access to the
system last time I tried. Once you are at it, you should also require
people to secure their BIOS with a password and deactivate booting from
removable media/network. Because both methods will give an attacker full
access without having to use a screwdriver (those are another matter).
If (and only if) the user has adequately secured both his BIOS and his
boot loader he can start worrying about auto login, which does _not_
give you full control over the system, in contrast to the other two. I
think that it is safe to assume that every user that secures his BIOS
and boot loader is also clever enough to turn off auto login.
Regards
nordi
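
An added example, not part of the message above or of any openSUSE tooling: a check for the boot loader gap the message raises, reporting whether a GRUB configuration lets boot entries be edited at the menu without a password. It goes beyond the 2005 context by also reading GRUB 2 `grub.cfg` syntax; the function name, the returned keys and the sample file are assumptions made for illustration, and the input is assumed to be the text of a single configuration file.

```python
import re

def audit_grub_config(text):
    """Report whether editing boot entries at the menu (for example to append
    init=/bin/bash) needs a password. Input: the text of one GRUB Legacy
    menu.lst or GRUB 2 grub.cfg file."""
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    grub2 = any(re.match(r"menuentry\b|set\s+superusers\s*=", l) for l in lines)
    protected, findings = False, []
    if grub2:
        superusers, with_pw = set(), set()
        for l in lines:
            m = re.match(r"set\s+superusers\s*=\s*[\"']?([^\"']*)", l)
            if m:  # GRUB 2 restricts entry editing once superusers is set
                protected = True
                superusers = set(filter(None, re.split(r"[\s,;|&]+", m.group(1))))
            m = re.match(r"(password|password_pbkdf2)\s+(\S+)\s+\S+", l)
            if m:
                with_pw.add(m.group(2))
                if m.group(1) == "password":
                    findings.append("plaintext password for " + m.group(2))
        findings += ["superuser without password entry: " + u
                     for u in sorted(superusers - with_pw)]
    else:
        for l in lines:
            if re.match(r"title\b", l):
                break  # Legacy: only a password before the first title is global
            m = re.match(r"password(?:\s+|=)(--md5\s+)?\S+", l)
            if m:
                protected = True
                if not m.group(1):
                    findings.append("plaintext global password")
    if not protected:
        findings.append("boot entries can be edited without a password")
    return {"format": "grub2" if grub2 else "legacy",
            "protected": protected, "findings": findings}

# Constructed sample: a GRUB Legacy menu.lst with no global password.
SAMPLE_MENU_LST = """\
default 0
timeout 8
title Linux
    root (hd0,0)
    kernel /boot/vmlinuz root=/dev/hda2
"""

if __name__ == "__main__":
    print(audit_grub_config(SAMPLE_MENU_LST))
```

A password placed only inside a `title` entry is reported as unprotected, because it does not lock menu editing for the other entries.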