[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Entering without a password...
* Mayuresh Kathe <email@example.com> [040214 09:58]:
> It outlines how a user can get in if s/he has forgoten the root password.
> Isn't it risky? so if someone has physical access to a machine they can
> easily get in.
Physical access is administrative access. Always.
> Is there anyway to override this behaviour?
Lock away your boxen? ;-)
> Then we can make a machine super secure by having a box without a floppy
> disk or a CD-ROM drive.
And anyone with pyhsical access can open the box and plug in a floppy,
CD-Rom, might even just plug in a USB/firewire CD-Rom and boot. Oh,
forget about BIOS passwords, there are always ways to reset these.
Or just put in a second harddisk in the box, boot from it and dd the
original disk so he/she can take it home for analysis and so on and
so on. Think about external key-loggers, just plugged in between the
box and the keybaord. And so on... Cruel, isn't it? }:->