Yet another Linux on the desktop article

crash 3m crash3m at gmail.com
Sun Aug 1 04:46:38 CDT 2004 

'desktop ready' is usually a comparision to windows (since it's the
"desktop OS of choice" it seems) and the point click drool junkies it
drags along with it.

On Sat, 31 Jul 2004 23:46:49 -0500, Uncle Jim <jim at jimani.com> wrote:
> On Sat, Jul 31, 2004 at 01:20:23PM -0500, Jonathan Hutchins wrote:
> 
> > Most PC's will boot from a floppy - or for that matter a CD these days -
> > before they ever even load the OS, so anybody with physical access can
> > potentially compromise "security".  It's all in how you set the system up.
> >
> > I really can't see that simply mounting a floppy is any greater hazard than
> > any other form of file loading.  Of course, if you could make a case for it,
> > then you would want to turn automount off.
> 
> I realize that physical access to the hardware means all bets are off but automount
> is equivalent to root with no password.
> 
> It takes a little time and effort to open the case and short pins on the motherboard
> or pull hda and put it in another host.  Even Brian, who has the metro area's largest
> collection of "Live CD"s and should be considered potential security risk, would have
> to take the time to reboot the machine.  If I have a floppy with a copy of bash that
> is owned by root with permissions of 4755 and I come to your machine all I have to do
> is insert the floppy and type "/mnt/floppy/bash", 16 keystrokes.  If root has no password
> I simply type "su - root", 9 keystrokes.  So if you assume that I've always had a mouse
> and can only type with my left thumb and can only reach 10 words per minute (1 sec. per
> keystroke) thats only seven seconds + time to insert floppy different from root without
> password.  And I'm getting better with my left thumb all the time.
> 
> So, if you have a machine where you think a password for root is a waste of time then I
> think you should also enable automount.
> 
> Since mounting removable media carries a security risk I don't think it is unreasonable
> to have the system request a password before mounting.  Keep in mind that a security
> breach at your host usually is not just your problem, it often ends up affecting lots
> of other people on the Internet.
> 
> So I fail to see where the ability to automount should be a criteria for "desktop ready"
> unless "desktop ready" means isolated, unconnected host.
> 
> --
> Jim
> 

-- 
Got gmail? I do hahaha

More information about the Kclug mailing list