[techtalk] root passwd
Daniel Manrique
roadmr at entropia.com.mx
Fri May 11 19:17:37 EST 2001
>
> I've been informed this is a 'feature' not a 'flaw'..... sound like MS?
>
No, it doesn't.
The "linux single" or "linux 1" "security flaw" gets "spotted"
continuously, by people who don't realize that, given physical access to
the computer system, there's virtually *NO* way to protect from some kind
of intrusion or denial of service.
Imagine for a moment Linux didn't have this "flaw". It's just as easy for
me to walk in with a Linux boot floppy of any sort, reboot the computer,
boot using the aforementioned disk, mount the root filesystem, and
basically have my way with the system.
Interestingly, this kind of "flaw" is common to most operating systems I
can think of, save for those who provide encrypted filesystems.
That's why having your servers in a *physically secure* facility is
important when you're concerned about security. It doesn't matter if I
have the most secure operating system ever created; it doesn't matter if
the computer itself is practically locked in a safe and there's no way for
me to access the keyboard or the reset or power buttons in any way. It
would suffice for me to axe the power cord to effectively perform a DoS
attack on the system.
- Roadmaster
----------------
*
Save a tree- use E-Mail! roadmr at entropia.com.mx
*
More information about the Techtalk
mailing list