|
 |
Darren New <dne### [at] san rrcom> wrote:
> > The only way to reduce that risk is to encrypt the files, but in that
> > case then even being able to reset the root password is not going to help
> > in decrypting them.
> Ding ding ding! Yes, that's what I'm saying.
No, it isn't. You hinted in your first post that being able to reset
the root password is a security hole.
What I'm saying is that it's no more of a security hole than being able
to boot from a CD. The only protection against these two things is to
encrypt the files (or not to let anyone access your computer directly,
only remotely).
Besides, linux can probably be configured to disallow booting in
single-user mode (which is the only way to reset the root password
without having to resort to more drastical measures), if you really
want that.
> > Being able to reset the root password and being able to boot from a CD
> > are basically the same thing.
> I disagree. If I can reset the root password on the machine on my
> desktop, then I can change the password on your account, log in as you,
> and access the remote resources that are supposed to be protected by
> that account.
You can do that with a proper boot CD too. So there's no difference.
--
- Warp
Post a reply to this message
|
|
