On Sat, Jul 13, 2002 at 11:02:22AM -0400, leemav@attbi.com wrote: [snip]
Nevertheless, if you need an OS which treats root access a littlie more securely consider alternatives such as Redhat or FreeBSD. If you "forget" you root password you cannot merely insert a "resue disk" (a so neither can anyone else) and break in as root.
I've not used RH for a while, but unless they've made some major changes, that statement is utter rubbish. I don't think that RH encrypts /etc by default (like SuSE), so it would be just as open to the same sort of attack. In fact, I think that RH has gone to an ext3 default rather than ReiserFS, so SuSE might have a slight edge, since many (most?) root+boot disks won't have ReiserFS support yet, and ext3 is backwards-compatible to ext2. Perhaps you'd like to provide some evidence to substantiate your claims that RH is better? What stops you from inserting a bootdisk into the machine, rebooting, and mounting the root FS? I doubt that FreeBSD would be any different, but I can't comment on that since I've never used it.
With regard to data visibility--the concern is more then just whether or not someone else can see the data--it is what they can do as root which might breach the security of your network long after the initial breach.
Unless you encrypt the filesystem, it will always be open to modification by another self-contained OS which has support for the FS type used. As for networks, every resource should be secured by a password system, which communicates over an encrypted link. If you do this, then booting a different OS won't give you access to any network shares without the appropriate authentication keys/passwords. -- David Smith Work Email: Dave.Smith@st.com STMicroelectronics Home Email: David.Smith@ds-electronics.co.uk Bristol, England