ctrl-c during boot != good
Axel Thimm
Axel.Thimm at ATrpms.net
Sun Sep 24 09:00:21 UTC 2006
On Sat, Sep 23, 2006 at 07:45:03PM +0200, Ola Thoresen wrote:
> It could ofcourse be made configureable, but then the same thing should
> be done for the "Interactive boot". Then there are times when you need
> it even if it is turned off in the config-file, so you would need to be
> able to override it from grub,
Adding a security measure in place that is overridable makes no
sense. grub has to be hardened as well, if you harden the rest of the
boot process. Unless you meant using grub with password protection, an
authorized override is OK, of course.
> and then my question is - what are the _real_ security gained from
> this?
Think of non-authorized persons sitting in front of the system,
power-cycling it, and manipulating the system boot-up (examples are
publicly exposed systems like student labs).
--
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20060924/be2d1f4d/attachment.sig>
More information about the fedora-devel-list
mailing list