Request for Review - Fedora Security Basics

Paul W. Frields stickster at gmail.com
Sun Oct 9 23:55:57 UTC 2005


On Sun, 2005-10-09 at 19:22 -0400, Tom Diehl wrote:
> On Mon, 10 Oct 2005, Felipe Alfaro Solana wrote:
> 
> > > http://www.fedoraproject.org/wiki/SecurityBasics
> > 
> > If one of the goals of Fedora Core is being secure right from the
> > start, why is the user allowed to enter single-user without supplying
> > the root password (sulogin)?
> 
> Because requiring a passwd on a box that you can sit in front of and take apart
> is STUPID!! All requiring a passwd for single user mode does is make me have to
> go find a rescue disk. What is the point? If you have physical access to the
> machine you can get into it. You do not need passwds. Some take a little longer
> than others. Why make the inevitable harder?
> 
> Think about windoze. Windoze requires a passwd for safe/recovery mode. All that
> does for me is make me find my CD case, insert the CD into the drive and boot
> from the CD. Machine does not have a CD, you say? OK, now I have to go find a CD
> drive to plug into the machine and my CD case. There is a passwd on the BIOS,
> you say? OK, now I have to go find the little jumper on the MB to reset the BIOS
> to the factory defaults.
> 
> The above applies to windoze and Linux. It does not matter. Where there is a 
> will there is a way.

And let's not forget the old standby of simply removing the hard disk,
attaching it to another system, and getting at any yummy data that way.
Security starts with PHYSICAL security, as any security guru will tell
you.  If a system is not physically protected from unauthorized access,
not much else will be very effective.

-- 
Paul W. Frields, RHCE                          http://paul.frields.org/
  gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233  5906 ACDB C937 BD11 3717
 Fedora Documentation Project: http://fedora.redhat.com/projects/docs/