Date: Thu, 18 Sep 2003 07:15:13 -0400 (EDT)
From: "Richard B. Johnson" <root@chaos.analogic.com>
Reply-To: root@chaos.analogic.com
To: John R Moser <jmoser5@student.ccbc.cc.md.us>
cc: linux-kernel@vger.kernel.org
Subject: Re: Small security option
In-Reply-To: <Pine.A32.3.91.1030917204729.33040A-200000@student.ccbc.cc.md.us>
Message-ID: <Pine.LNX.4.53.0309180709420.2371@chaos>
References: <Pine.A32.3.91.1030917204729.33040A-200000@student.ccbc.cc.md.us>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1232
Lines: 33

On Wed, 17 Sep 2003, John R Moser wrote:

> Why wasn't this done in the first place anyway?
>
> Some sysadmins like to disable the other boot devices and password-protect
> the bios.  Good, but if the person can pass init=, you're screwed.
>
> Here's a small patch that does a very simple thing: Disables "init=" and
> using /bin/sh for init. That'll stop people from rooting the box from grub.
>
> The file is attatched.

No. I can still boot your box, mount your root file-system, and
change the root password, all without you even knowing it.
If I have physical control of a computer, I own it. I can
do anything I want with it. If you could really prevent
somebody from "breaking in", then you can never sell it and
you are screwed if the password file gets corrupt (you would have
to throw everything away).

This patch is not useful.

Cheers,
Dick Johnson
Penguin : Linux version 2.4.22 on an i686 machine (794.73 BogoMips).
            Note 96.31% of all statistics are fiction.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/