* Koyote said:
> >so that root password, or some other verification system is required,
> >before a reinstall is permitted. It is true that compromising a system
> >this way requires unfettered access to the box. However as Linux is
> >used more and more in commercial environments this issue will need to be
> >addressed.
>
> If you think about it- this is no different than windows: power off,
> insert cdrom or disk one and power on.
>
> I don't think that there is any good answer for this. Workarounds
> abound, for the paranoid: you can wire a hidden switch that must be
> reset by hand after a power off (uses a small electromagnet to
> maintain on status) that controls power to all drives.
> You can lock the computer, so that no one can get to the drives.
> You can set up a computer that is not bootable from cdrom, and remove
> the floppy drive (install it when you need to do a full
> install.)...(and no, I have no idea how to make the cdrom unbootable
> on a linux pc. I'll learn sooner or later.)

If one wants to go through so much trouble instead of disallowing physical access, he can spend several $ to buy a device which requires a magnetic or chip card to gain access to any device in the machine. The chip cards use a one-time password scheme to prevent password spoofing - I think DEC sells such devices, but don't quote me. Such a device has one disadvantage - the server won't reboot on its own when anything fails - it will wait till someone with enough privilege comes and inserts the chip card to finish the reboot process. It can be overcome by using a watchdog hardware card which would be connected in such a way that the security system would allow full system reboot ONLY if initialized by the watchdog hardware. But still, it's much less security than putting the server away from anybody's hands.

> If someone wants to work around these safety features, they can
> just dismount your hdd and leave, anyway.

Exactly.

> If you are talking about having a password resident in your boot
> sector or some such soft password, I just come in and boot a floppy
> that deletes it before loading your system.

Sort of. One-time passwords can help.

regards,

marek