Mailinglist Archive: opensuse (1165 mails)

< Previous Next >
Re: [opensuse] Re: Should openSUSE review it's Security Policies?
On Thu, Mar 01, 2012 at 07:55:44PM +0000, Jim Henderson wrote:
On Thu, 01 Mar 2012 14:27:17 -0500, James Knott wrote:

Business employees generally do not get root or admin access to their
computers.

Arguably, working around that is trivial regardless of the OS. There
really is no security when the user has physical control of the device,
regardless of the OS.

With Linux, give anyone a grub menu and nothing else, and it's trivial to
get to a root prompt and change the root password.

Also extend your thinking in attack scenarios to code that breaks into your
webbrowser...

Do you want to have that malicious also be immediately able to execute
code as root?

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
This Thread