Request for Review - Fedora Security Basics
SEKINE tatz Tatsuo
tsekine at sdri.co.jp
Mon Oct 10 09:34:32 UTC 2005
From: Felipe Alfaro Solana <felipe.alfaro at gmail.com>
Date: Mon, 10 Oct 2005 11:02:45 +0200
> I agree that having physical access to the machine could make easy for
> an intruder to get into it, but sometimes the intruder has limited
> physical access, that is, the intruder can't steal the hard drive or
> the machine, only sit at the keyboard, restart the machine into
> single-user mode and reset the root password (and yes, I know I we can
> use a GRUB password).
If the GRUB password isn't used to protect the machine, the
boot parameter is editable.
In that case, the intruder can alternate "init" program with
/bin/sh, putting "init=/bin/sh" into the boot parameter. It
means that modified /etc/inittab can not protect the machine
because the file is read by /sbin/init (default "init"
programme).
--
SEKINE Tatsuo:
tsekine at sdri.co.jp System Design & Research Inst. Co.,Ltd.
More information about the docs
mailing list