On Wed, Aug 5, 2009 at 11:15 PM, Corey<co...@bitworthy.net> wrote:
> On Wednesday 05 August 2009 19:42:54 Anthony Sorace wrote:
>> > * I hope I don't get beat up on this one (well, I hope I don't get too
>> > beat up on _any_ of these questions...), but it seems strange that
>> > something as important as a cpu/auth server would just go and boot up
>> > right into the hostowner... apparently this is a non issue - so what am I
>> > not understanding?
>>
>> philosophy. plan9, like research unix before it, recognizes that if
>> you have physical access to the box, all bets are off anyway.
>>
>
> Well, sounds like a flawed philosophy taken too far.
>
> Flawed, because all bets are not necessarily off with physical access;
> and taken too far, because... dang, what harm is there in providing
> that last means of interference to a hostile?
>
> Cpu/Fs/Auth server says: "If you can touch me, I'm _all_ yours..."
>
> What a fascinatingly... loose... form of security, if you catch my drift.
>
>
>> security consists of locking your door.
>>
>
> ... which means bootes is just a quick hacksaw or boltcutter or
> crowbar away... so why even bother with a locked door?
>
> Security is ultimately about the price/time/effort/skills a potential
> attacker (or vandal) is willing (and able) to put forth in order to overcome
> a system's security measures. A password is amazingly effective for a
> vast number of the most common circumstances encountered in many
> typical environments.
>

I argued this once too, but eventually came around to the Plan 9 way of
thinking. Once you have physical access to the machine, it's yours
anyway. Just boot the Plan 9 CD and mount the fossil or any of the
other possibilities that arise when you are able to physically insert
bootable media into a system and force it to reboot.

If your Linux system is sitting out, oh no, there's a big scary login
prompt! First thing I try is rebooting and adding "single" to the end
of the kernel options. If that doesn't work, I grab a bootable Linux
CD, boot it, and mount your filesystem. Unless you're encrypting the
disk (probability: low), it's all mine now.

I don't remember the procedure, but I'm pretty sure VMS (reputedly one
of the most secure OSes, if not the most secure OS, in use today) has a
similar option for bypassing the console password on boot, and of
course you can always steal the disk and take it elsewhere, mount a new
boot tape, etc.

John
-- 
"Object-oriented design is the roman numerals of computing" -- Rob Pike