ctrl-c during boot != good
Ola Thoresen
redhat at olen.net
Sun Sep 24 09:51:06 UTC 2006
On søn, 2006-09-24 at 11:00 +0200, Axel Thimm wrote:
> On Sat, Sep 23, 2006 at 07:45:03PM +0200, Ola Thoresen wrote:
<snip>
> > and then my question is - what are the _real_ security gained from
> > this?
>
> Think of non-authorized persons sitting in front of the system,
> power-cycling it, and manipulating the system boot-up (examples are
> publicly exposed systems like student labs).
But unless you harden grub (which you suggest - and that's a good thing)
you don't gain any security, as a person in front of the computer could
normally just boot into single user mode, or use a number of other ways
to bypass any security in the init scripts.
But we should maybe add a "secure boot" option, that will set a password
for grub, disable ctrl-c during init and the "interactive boot" question
as well as taking other measures to protect the startup.
Rgds.
Ola Thoresen
More information about the devel
mailing list