> On this particular PC, I moved the cable to the
> position where it is not bootable. Other possibilities would be removing
> the floppy drive entirely or putting the main part of the computer in a
> locked cabinet. I thought the dangers of bootable floppies and insecure
> furniture were well-known.
Indeed they are. (My prefered solution would be to flop the bios switch for
booting off the floppy, then password-protect the bios. That way, students
can put things on floppies.)
> This patch does not rely on security through obscurity; it simply makes it
> possible for the user to configure out a seldom-used feature of the
> kernel.
Right... you can't use this patch for security, like (whomever I replied to)
sugusted.
> With the stock kernel, the feature is enabled whether the user
> wants it (or knows it exists) or not. Calling this "insecurity through
> obscurity" would not be a great exaggeration.
Not really. Disabling the init= option dosn't make the system much more
secure. You could, for example, put in a floppy with a root, and set root=.
Or you could put in a boot-floppy (on most systems).
-=- James Mastros
-- "I'd feel worse if it was the first time. I'd feel better if it was the last." -=- "(from some Niven book, doubtless not original there)" (qtd. by Chris Smith)