On Tue, 2002-03-05 at 10:14, Michel Loos wrote: > Em Ter, 2002-03-05 às 11:57, will trillich escreveu: > > On Sun, Mar 03, 2002 at 09:40:48AM -0800, Xeno Campanoli wrote: > > > In the Trinity OS security recommenation they say to disable the ability > > > to run init interactively by setting > > > > > > prompt=no > > > > > This is the default in Debian (in lilo.conf) but it is not necessary, > even if the guy in front of the computer types the usual: > linux single > :he will not get root access to your computer without knowing the > passwd. (At least on testing with a 2.4.x kernel). > > If he wants access, he can always boot on a floppy or CD and do whatever > he wants to. > You will have to disable (in the BIOS) floppy/CD booting AND put a BIOS > passwd or all this is for nothing.
For this type of security yes you should disable booting from floopy and cd and other media and enable your bios password, but you can also put a password on lilo with the resrticed key-word as well as the password keyword. And yes an attacker could gain root access by typeing init=/bin/sh This would imediately give them a shell that has no prompt on it with root access to the entire system. Most people use this to recover a system after they forgot the root password. -- -Scott Henson [EMAIL PROTECTED]
