Home   Groups   Digests   Personalise   Search   Login
  POV-Ray : Newsgroups : povray.off-topic : Short one : Re: Short one Server Time
11 Oct 2024 17:44:03 EDT (-0400)
  Re: Short one  
From: Warp
Date: 11 Oct 2007 07:22:06
Message: <470e075e@news.povray.org>
 
scott <sco### [at] laptopcom> wrote:
> >  The only way to achieve that is encrypting the files, in which case being
> > able to reset the root password is of no additional help (compared to 
> > being
> > able to boot from a CD).

> How are you going to reset the root password if the harddrive is encrypted?

  Perhaps you didn't understand what I said?

  Let me rephrase: Not being able to reset the root password does not add
any security compared to being able to boot from a CD.
  Conversely, being able to reset the root password is no more insecure
than being able to boot from a CD.
  Neither thing is going to help you decrypting those files. However,
both things can be used to abuse the system in other ways.

  I'm certain you can set up linux in a way that it's not possible to
reset the root password. However, that's somewhat moot if you are still
able to boot from a CD. Just boot from a CD and you have root access to
the HD. The only way to try to protect from that is to disable booting
from CD from bios and put a bios password. Of course this is only a slight
slowdown, not a working security measure (because that doesn't stop the
malicious person from physically removing the HD from the computer and
putting it in another), but it introduces a maintenance disadvantage:
You'd better not forget the bios password.

  The thing is, no matter what you try to do, if the malicious person has
direct access to the computer, it will be insecure. The only thing you can
do is to encrypt your data, in which case it doesn't matter if the root
password can be reset (because the root password doesn't help you decrypting
the files). This is completely equivalent to being able to boot from a CD,
and also to be able to remove the HD from the computer and putting it in
another.

  The initial claim was that being able to reset the root password (when
you are using the computer directly, not remotely) is somehow a security
hole. This is nonsense. It's not more of a security hole than being able
to boot from a CD or being able to physically transfer the HD to another
computer.
  You can, of course, disable this. However, it would be mostly useless
from a security point of view.

-- 
                                                          - Warp


Post a reply to this message

Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.