Changing Root Passwords without a Live CD

Mike Oliver moliver-fC0AHe2n+mcIvw5+aKnW+Pd9D2ou9A/h at public.gmane.org
Tue Feb 9 21:51:45 UTC 2010


Quoting Robert Brockway <robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org>:

> On Tue, 9 Feb 2010, Mike Oliver wrote:
>
>> Is there a way I can make it require a password to edit the boot 
>> line at all?
>> I don't want anyone who happens to find my laptop, when I've walked away
>> from it for five minutes, to be able to get a root shell!
>
> Both lilo & grub support passwords to change the boot line but it's 
> important to keep in perspective how much security this offers.
>
> Someone with physical access to the box can change the boot device in 
> the BIOS and circumvent any bootloader protection.
>
> You can set a BIOS password but someone with physical access to the 
> machine can even potentially clear that using a jumper on the 
> motherboard (yes this would be quite obvious).

Yes, water seeks its own level but we still build dams.  I'm not talking
about security against someone who has time to physically open up the
machine.  I'm talking about making it difficult for someone with very
limited physical access, like you might get in an airport or a coffee shop,
to do anything nasty with it.

--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list