Yet another Linux on the desktop article

[Jonathan Hutchins]

On Saturday 31 July 2004 02:06 am, Uncle Jim wrote:

> You have automounting?  You mean you'll mount my floppy with no questions
> asked?  If so then you can kiss security goodbye.  If "desktop ready" means
> total root access to anybody with a floppy in their pocket then I'm glad
> Linux doesn't have any.  

Most PC's will boot from a floppy - or for that matter a CD these days - 
before they ever even load the OS, so anybody with physical access can 
potentially compromise "security".  It's all in how you set the system up.  

I really can't see that simply mounting a floppy is any greater hazard than 
any other form of file loading.  Of course, if you could make a case for it, 
then you would want to turn automount off.  

Personally, if it's a "desktop", end-user targeted system, then the user 
should be able to mount whatever filesystems are accessible.  Can you imagine 
having to call tech support every time you wanted to mount a floppy?  Silly.

Of course, security is all a matter of degree.  You can lock down the BIOS 
with passwords, you can physically secure the case so the BIOS reset can't be 
reached, you can remove floppy drives and CD drives, you can disable USB or 
at least restrict it to existing devices, you can lock the system in a secure 
room and not connect it to the network.   Even at the NSA though, they loose 
track of removable devices and whole systems from time to time.  What's 
"secure"?