Warp wrote:
>   Well, if you can reinstall linux in the computer, then that's basically
> the same level of insecurity as being able to reset the root password.

Um, no. That's what I'm saying.

>   How is the OS going to stop someone from booting from a specially created
> CD which allows you to read the contents of the HDs regardless of what
> the ownership flags of the files are?

Encryption techniques.

>   The only way to reduce that risk is to encrypt the files, but in that
> case then even being able to reset the root password is not going to help
> in decrypting them.

Ding ding ding!  Yes, that's what I'm saying.

> Accounts are of no use if the malicious person has direct access to
> the computer.

Depends what maliciousness they intend.

>> Again, you're making a boolean description of security. The fact that 
>> you can destroy the computer doesn't mean it's "insecure".
> 
>   Then we disagree.

More specifically, there are levels of security above the level of being 
able to destroy the computer.

>   If your files are encrypted then the root password is of no use to
> decrypt them. You can only do the same thing as you could do with the
> boot CD: Destroy or modify the files.

Ding ding ding!  Give that man a cigar.

>   What does this have to do with you being able to reset the root password?

That there are systems more secure than those which can have their root 
password reset without losing any data. That security isn't a boolean 
property.

>   Being able to reset the root password and being able to boot from a CD
> are basically the same thing. 

I disagree. If I can reset the root password on the machine on my 
desktop, then I can change the password on your account, log in as you, 
and access the remote resources that are supposed to be protected by 
that account.

-- 
   Darren New / San Diego, CA, USA (PST)
     Remember the good old days, when we
     used to complain about cryptography
     being export-restricted?

Post a reply to this message