|
 |
Darren New <dne### [at] san rrcom> wrote:
> Right. And I was pointing out that resetting the root password from the
> local console is indeed a security hole if the owner of the computer
> isn't the one sitting at the console. Makes sense?
Well, if you can reinstall linux in the computer, then that's basically
the same level of insecurity as being able to reset the root password.
> > It would, quite naturally, not make too much sense that if you forgot
> > the root password, you would be completely stuck and the computer would
> > become completely unmaintainable. There must, of course, be some way of
> > resetting the root password (given that you have direct physical access
> > to the computer). It's just common sense.
> Sure. But preserve all the data of everyone on the machine when
> resetting the password is less secure than resetting the password by
> wiping out all data on the machine.
How is the OS going to stop someone from booting from a specially created
CD which allows you to read the contents of the HDs regardless of what
the ownership flags of the files are?
The only way to reduce that risk is to encrypt the files, but in that
case then even being able to reset the root password is not going to help
in decrypting them.
> > Accounts, access control, etc. are only good for remote access.
> I disagree. If they're only good for remote access, why is there advice
> that you shouldn't log in as root for everyday use?
If you are referring to protection against fumbling things (eg.
accidentally writing "rm /"), then of course it's a good thing to not
to be always logged as root. However, I was talking from the point of
view of a malicious user who wants to do some mayhem to the system.
Accounts are of no use if the malicious person has direct access to
the computer.
> Again, you're making a boolean description of security. The fact that
> you can destroy the computer doesn't mean it's "insecure".
Then we disagree.
> > You mean some OS can stop someone from booting from a CD and wiping
> > the HDs, for example?
> No, but that's *more* secure than someone booting from a CD and reading
> all your files. That's why they invented paper shredders.
If your files are encrypted then the root password is of no use to
decrypt them. You can only do the same thing as you could do with the
boot CD: Destroy or modify the files.
> I'd rather have my backup disks, when stolen by a thief, get wiped out
> and sold as blank media than to have all my personal information
> accessible to the thief. There's not too much you can do to keep the
> disk from getting stolen, but you can keep the data from getting stolen.
What does this have to do with you being able to reset the root password?
> > Remote access can be made much more secure.
> No question there. Remote access prevents a number of attacks. But that
> doesn't mean local access must or even should allow all attacks.
Being able to reset the root password and being able to boot from a CD
are basically the same thing. The only way you can "protect" anything is
by encryption, in which case neither thing is too helpful in decrypting.
--
- Warp
Post a reply to this message
|
|
