Re: Small security option

From: Mitchell Blank Jr
Date: Wed Sep 17 2003 - 20:16:56 EST

Next message: Chris Wright: "Re: Small security option"
Previous message: Stevie-O: "Re: Aliasing physical memory using virtual memory (from a d"
In reply to: Rene Rebe: "Re: Small security option"
Next in thread: Chris Wright: "Re: Small security option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

John R Moser wrote:
> Some sysadmins like to disable the other boot devices and password-protect
> the bios. Good, but if the person can pass init=, you're screwed.

1. If you have physical access to the machine you're screwed anyway (boot
from a CD... if BIOS is password-protected just temporarily put the
harddrive in another machine)

2. In the relatively rare cases that you have physical access to the console
but not the machine (locked down kiosks or secured lab settings) you can
(and should) secure the bootloader. This prevents any malicious command
line options (think "root=my.nfs.server:/toolkit") not just "init=".

So this patch is basically pointless.

-Mitch
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Wright: "Re: Small security option"
Previous message: Stevie-O: "Re: Aliasing physical memory using virtual memory (from a d"
In reply to: Rene Rebe: "Re: Small security option"
Next in thread: Chris Wright: "Re: Small security option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]