>
> The thing is, no matter what you try to do, if the malicious person has
> direct access to the computer, it will be insecure. The only thing you can
> do is to encrypt your data, in which case it doesn't matter if the root
> password can be reset (because the root password doesn't help you decrypt
> the files). This is completely equivalent to being able to boot from a CD,
> and also to being able to remove the HD from the computer and put it in
> another.
Not 100% equivalent.
Changing a password is something you can do in a few seconds, and is barely
noticeable.
Rebooting from a CD is a slightly more noticeable operation.
And, if a password-locked BIOS is configured to prevent boot from CD,
removing the hard drive is very, very noticeable.
See, there are still some levels in between...
> The initial claim was that being able to reset the root password (when
> you are using the computer directly, not remotely) is somehow a security
> hole. This is nonsense. It's not more of a security hole than being able
> to boot from a CD or being able to physically transfer the HD to another
> computer.
It's a higher risk, since it can be done so quietly compared to the other
options you cite.
Fabien.