2009/11/18 Simo Sorce <ssorce(a)redhat.com>:
On Wed, 2009-11-18 at 13:19 -0500, Konstantin Ryabitsev wrote:
> This significantly limits the number of users with powers to install
> signed software -- almost to the point of where it sounds like a fair
> trade-off. If someone has physical access to the machine, then heck --
> it's not like they don't already effectively "own" it.
Most of my users wouldn't be able to "own" it even if I let a root shell
open, but they would definitely be able to install or remove packages
using the GUI.
The difference is huge.
If I have physical access to your machine, I'll own it. I may have to
use tools to get to the HDD, but it's only a question of time and
dedication.
Now, there can be situations where someone has access to the TTY
console or GDM (usually when it's a VM guest or a machine behind a
network KVM), but most often, if someone can log in on the console,
they are sitting in front of the physical box, to which they have full
access.
Regards,
--
McGill University IT Security
Konstantin Ryabitsev
Montréal, Québec