Yet another Linux on the desktop article
crash 3m
crash3m at gmail.com
Sun Aug 1 04:46:38 CDT 2004
'desktop ready' is usually a comparison to windows (since it's the
"desktop OS of choice" it seems) and the point click drool junkies it
drags along with it.
On Sat, 31 Jul 2004 23:46:49 -0500, Uncle Jim <jim at jimani.com> wrote:
> On Sat, Jul 31, 2004 at 01:20:23PM -0500, Jonathan Hutchins wrote:
>
> > Most PCs will boot from a floppy - or for that matter a CD these days -
> > before they ever even load the OS, so anybody with physical access can
> > potentially compromise "security". It's all in how you set the system up.
> >
> > I really can't see that simply mounting a floppy is any greater hazard than
> > any other form of file loading. Of course, if you could make a case for it,
> > then you would want to turn automount off.
>
> I realize that physical access to the hardware means all bets are off but automount
> is equivalent to root with no password.
>
> It takes a little time and effort to open the case and short pins on the motherboard
> or pull hda and put it in another host. Even Brian, who has the metro area's largest
> collection of "Live CD"s and should be considered a potential security risk, would have
> to take the time to reboot the machine. If I have a floppy with a copy of bash that
> is owned by root with permissions of 4755 and I come to your machine all I have to do
> is insert the floppy and type "/mnt/floppy/bash", 16 keystrokes. If root has no password
> I simply type "su - root", 9 keystrokes. So if you assume that I've always had a mouse
> and can only type with my left thumb and can only reach 10 words per minute (1 sec. per
> keystroke) that's only seven seconds + time to insert floppy different from root without
> password. And I'm getting better with my left thumb all the time.
>
> So, if you have a machine where you think a password for root is a waste of time then I
> think you should also enable automount.
>
> Since mounting removable media carries a security risk I don't think it is unreasonable
> to have the system request a password before mounting. Keep in mind that a security
> breach at your host usually is not just your problem, it often ends up affecting lots
> of other people on the Internet.
>
> So I fail to see where the ability to automount should be a criterion for "desktop ready"
> unless "desktop ready" means isolated, unconnected host.
>
> --
> Jim
>
--
Got gmail? I do hahaha
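
The setuid-root bash on a floppy described in the quoted message only works if the mount honours the setuid bit. The following is an added example, not part of the original thread: it audits fstab-style entries for removable or user-mountable filesystems that still honour setuid, using the option semantics documented in mount(8). The sample entries and the /mnt and /media heuristic are assumptions made for the illustration.

```python
# Added example: flag removable-media fstab entries that still honour setuid bits.
# Option handling follows mount(8): options apply left to right, user/users imply
# nosuid,nodev,noexec and owner/group imply nosuid,nodev unless overridden later.
IMPLIED = {
    "defaults": ("suid", "dev", "exec"),
    "user": ("nosuid", "nodev", "noexec"),
    "users": ("nosuid", "nodev", "noexec"),
    "owner": ("nosuid", "nodev"),
    "group": ("nosuid", "nodev"),
}
USER_MOUNT_OPTS = {"user", "users", "owner", "group"}
REMOVABLE_PREFIXES = ("/mnt/", "/media/")  # assumption: where removable media lands

SAMPLE_FSTAB = """\
# constructed sample, not taken from a real host
/dev/hda1  /             ext3     defaults               1 1
/dev/fd0   /mnt/floppy   auto     noauto,user            0 0
/dev/fd1   /mnt/floppy2  auto     noauto,user,suid,exec  0 0
/dev/cdrom /mnt/cdrom    iso9660  ro,noauto,owner        0 0
/dev/sda1  /mnt/usb      vfat     defaults,noauto        0 0
"""

def effective_flags(options):
    """Resolve suid/dev/exec after applying the options in order."""
    flags = {"suid": True, "dev": True, "exec": True}  # mount defaults
    for opt in options.split(","):
        for o in IMPLIED.get(opt, (opt,)):
            negated = o.startswith("no")
            name = o[2:] if negated else o
            if name in flags:
                flags[name] = not negated
    return flags

def audit(fstab_text):
    """Return mount points an ordinary user can reach that honour setuid."""
    findings = []
    for line in fstab_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:
            continue
        mount_point, options = fields[1], fields[3]
        opts = set(options.split(","))
        reachable = mount_point.startswith(REMOVABLE_PREFIXES) or opts & USER_MOUNT_OPTS
        if reachable and effective_flags(options)["suid"]:
            findings.append(mount_point)
    return findings

if __name__ == "__main__":
    for mp in audit(SAMPLE_FSTAB):
        print(f"{mp}: setuid honoured on user-reachable media; add nosuid")
```

On the constructed sample, the plain `noauto,user` floppy entry passes because `user` implies `nosuid`, while the entry that re-enables `suid` after `user` and the `defaults` USB entry are flagged.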