> > Wow, I kind of knew there were ways to gain root access or even find out > the root password quite easily, but that's really really easy... > > On every standard Debian install, anybody can gain the root password > within minutes (given the attacker has phyiscal access to the box): >
(warning this is a fairly direct email and is not intended as a flame, rather it is trying to be blunt and carry a point) The answer is -- if they can touch your machine you have lost. *PERIOD*. End of discussion. This has been hammered to death on more lists than I can remember. Even if lilo is secured you still have booting media, case hacking, etc. Just put the whole thing in a cage and make it so they can not reboot. Otherwise you are wasting your time.
