On Tuesday 25 March 2008, Liviu Andronic wrote:
> >  But you can boot from a LiveCD, mount your harddrive, chroot and
> > then give root another password.
>
> But then, conventional passwords are as useless. One needs no more
> than physical access to the computer, a LiveCD and a couple minutes
> in order to become the super user of your system. Basically, the
> password seems useful only to know whether anyone has changed it
> behind your back.

Let me guess - you own a notebook and most of your exposure to running a
computer is limited to that, and you have never administered a real
server somewhere, right?

It's very very easy to keep your servers safe from physical access
attacks - make sure the bad guys can't touch it. This is so easy to do
it's laughable - we use a locked door. The only people who have a key
are those who have to root password anyway.

On a notebook, there isn't an OS in existence that is immune to a
LiveCD. If this concerns you, apply some biometrics and encrypted
filesystem patches. Or stop using notebooks. Or stop using computers
that someone else can touch.

--
Alan McKinnon
alan dot mckinnon at gmail dot com

--
gentoo-user@(protected)