'desktop ready' is usually a comparison to windows (since it's the "desktop OS of choice" it seems) and the point click drool junkies it drags along with it.

On Sat, 31 Jul 2004 23:46:49 -0500, Uncle Jim wrote:
> On Sat, Jul 31, 2004 at 01:20:23PM -0500, Jonathan Hutchins wrote:
>
> > Most PCs will boot from a floppy - or for that matter a CD these days -
> > before they ever even load the OS, so anybody with physical access can
> > potentially compromise "security". It's all in how you set the system up.
> >
> > I really can't see that simply mounting a floppy is any greater hazard than
> > any other form of file loading. Of course, if you could make a case for it,
> > then you would want to turn automount off.
>
> I realize that physical access to the hardware means all bets are off but automount
> is equivalent to root with no password.
>
> It takes a little time and effort to open the case and short pins on the motherboard
> or pull hda and put it in another host. Even Brian, who has the metro area's largest
> collection of "Live CD"s and should be considered a potential security risk, would have
> to take the time to reboot the machine. If I have a floppy with a copy of bash that
> is owned by root with permissions of 4755 and I come to your machine all I have to do
> is insert the floppy and type "/mnt/floppy/bash", 16 keystrokes. If root has no password
> I simply type "su - root", 9 keystrokes. So if you assume that I've always had a mouse
> and can only type with my left thumb and can only reach 10 words per minute (1 sec. per
> keystroke) that's only seven seconds + time to insert floppy different from root without
> password. And I'm getting better with my left thumb all the time.
>
> So, if you have a machine where you think a password for root is a waste of time then I
> think you should also enable automount.
>
> Since mounting removable media carries a security risk I don't think it is unreasonable
> to have the system request a password before mounting. Keep in mind that a security
> breach at your host usually is not just your problem, it often ends up affecting lots
> of other people on the Internet.
>
> So I fail to see where the ability to automount should be a criterion for "desktop ready"
> unless "desktop ready" means isolated, unconnected host.
>
> --
> Jim
>

--
Got gmail? I do hahaha
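
The setuid-bash scenario in the quoted message requires the removable filesystem to be mounted with setuid bits honored. As an added example (not part of the original thread), this Python script resolves fstab option strings using the rules documented in mount(8) and lists user-mountable entries that still honor setuid. It assumes removable media are defined in fstab rather than by an automount daemon; the sample fstab and function names are constructed for illustration.

```python
# Added example (not from the original thread). The sample fstab is constructed.
# Per mount(8): "user"/"users" imply noexec,nosuid,nodev and "owner"/"group"
# imply nosuid,nodev, unless a later option on the same line overrides them.
IMPLIED = {
    "user": ["noexec", "nosuid", "nodev"],
    "users": ["noexec", "nosuid", "nodev"],
    "owner": ["nosuid", "nodev"],
    "group": ["nosuid", "nodev"],
}
USER_MOUNT = {"user", "users", "owner", "group"}


def effective(options):
    """Resolve an fstab option string left to right into effective flags."""
    state = {"suid": True, "dev": True, "exec": True, "user_mountable": False}
    for opt in options.split(","):
        if opt in USER_MOUNT:
            state["user_mountable"] = True
        elif opt == "nouser":
            state["user_mountable"] = False
        for flag in IMPLIED.get(opt, [opt]):
            name = flag[2:] if flag.startswith("no") else flag
            if name in ("suid", "dev", "exec"):
                state[name] = not flag.startswith("no")
    return state


def setuid_honoring_user_mounts(fstab_text):
    """Return mount points a non-root user may mount with setuid bits honored."""
    hits = []
    for line in fstab_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank line, comment, or malformed entry
        state = effective(fields[3])
        if state["user_mountable"] and state["suid"]:
            hits.append(fields[1])
    return hits


SAMPLE_FSTAB = """\
# constructed sample entries
/dev/hda1   /             ext3     defaults               1 1
/dev/fd0    /mnt/floppy   auto     noauto,user            0 0
/dev/cdrom  /mnt/cdrom    iso9660  noauto,users,suid,ro   0 0
/dev/sda1   /mnt/usb      vfat     noauto,owner,exec      0 0
/dev/fd1    /mnt/floppy2  auto     noauto,suid,user       0 0
"""

if __name__ == "__main__":
    for mount_point in setuid_honoring_user_mounts(SAMPLE_FSTAB):
        print("setuid honored on user-mountable filesystem:", mount_point)
```

Only the entry where `suid` follows `users` is reported; placing `suid` before `user` has no effect because the later option resets it.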