Yet another Linux on the desktop article
Jonathan Hutchins
hutchins at tarcanfel.org
Sat Jul 31 17:23:00 CDT 2004
On Saturday 31 July 2004 02:06 am, Uncle Jim wrote:
> You have automounting? You mean you'll mount my floppy with no questions
> asked? If so then you can kiss security goodbye. If "desktop ready" means
> total root access to anybody with a floppy in their pocket then I'm glad
> Linux doesn't have any.
Most PC's will boot from a floppy - or for that matter a CD these days -
before they ever even load the OS, so anybody with physical access can
potentially compromise "security". It's all in how you set the system up.
I really can't see that simply mounting a floppy is any greater hazard than
any other form of file loading. Of course, if you could make a case for it,
then you would want to turn automount off.
Personally, if it's a "desktop", end-user targeted system, then the user
should be able to mount whatever filesystems are accessible. Can you imagine
having to call tech support every time you wanted to mount a floppy? Silly.
Of course, security is all a matter of degree. You can lock down the BIOS
with passwords, you can physically secure the case so the BIOS reset can't be
reached, you can remove floppy drives and CD drives, you can disable USB or
at least restrict it to existing devices, you can lock the system in a secure
room and not connect it to the network. Even at the NSA though, they loose
track of removable devices and whole systems from time to time. What's
"secure"?
More information about the Kclug
mailing list