Douglas Allan Tutty wrote in Article <[EMAIL PROTECTED]> posted to gmane.linux.debian.user:
> On Sat, Apr 21, 2007 at 09:14:27PM +0200, Joe Hart wrote:
>> Douglas Allan Tutty wrote:
>> > Reflecting on recent posts re allowing root login (related, but I
>> > didn't want to steal the thread), I'm wondering about a home network
>> > and what to bother with. There's a touch of devil's advocate in this
>> > but the concept that physical access == root access causes one to
>> > wonder.
>>
>> Well, if you consider that, you also might want to consider making sure
>> the systems cannot boot from a CD, USB or anything else than the HD
>> where Debian is installed and make sure that the BIOS has a password
>> protect to prevent someone from changing this. Because if someone with
>> a liveCD comes along, all the strong passwords you want won't save your
>> data.
>
> Right, but someone on a recent thread argued that securing the bios is
> useless since physical access to the box means that they can get root
> access anyway.

You can make that tricky with a Master lock using the lock loop on the case door. Granted, on most cases, this will make the lock the strongest link in a weak chain (given how flimsy most cases are relative to tinsnips).

>> That is what I do, but I make sure that the internet is down when I do
>> that, so there is no chance of someone coming in, or anything going out
>> while I am backing up, just a safety precaution. One can never be too
>> careful.
>
> How does running a backup as root make it more likely that someone can
> come in from the net and get root?

Covert execution of arbitrary tasks? Though in every scenario I can think of this coming up, the machine is already compromised to the point where doing such a thing would be moot.

--
Paul Johnson
Email and IM (XMPP & Google Talk): [EMAIL PROTECTED]