From rick Sat Jul 13 10:26:47 2002 Date: Sat, 13 Jul 2002 10:26:47 -0700 To: plug@lists.q-linux.com Subject: Re: [plug] root user id. User-Agent: Mutt/1.3.28i Quoting Gideon N. Guillen (linuxman@flash.net.ph): > Hehehe. That really is the problem with the LILO prompt. Anyway, if > there's no way anyone can boot from any device other than the hard > disk, well you can replace LILO with GRUB. Well, with the version of > GRUB that came with Red Hat 7.3 (don't really know about other or > older version, first time to use it), you can password protect the > boot prompt just in case you want to do something not in the options > you configured for GRUB. And don't worry about people snooping for the > password in your GRUB's config file, cuz it's md5-hashed. hehehe. Back around my fifth birthday, I got as a gift a "piggy bank" in the form of a 6 inch steel cube, with a metal-and-plastic combination lock on the front door, resembling a toy rendition of a bank safe. I still have it, and keep in it my miscellaneous collection of currency from countries around the world (basically, whatever change I still had in my pockets from each country after I left). This provides just about exactly as much security as password-protecting the boot prompt, blocking floppy/CD-ROM booting in the BIOS, password-protecting access to the BIOS, etc. That is, an adult can break into my piggy bank in about two minutes of twiddling with the three-number combination lock. Or, if he's particularly inept or has a very low frustration tolerance, he could remove the door hinges or just smash the door in with a hammer. Or he could just carry the cube out of my house entirely, and open it at his leisure. (Ever drained a motherboard's CMOS to reset it? Guess what happens to your so-called "BIOS security"?) It's kinda cute when a five-year-old thinks a 6" x 6" x 6" toy cube is "secure" in any meaningful sense. The analogy to, say, Kurt Seifried of linuxsecurity.com is left as an exercise for the reader. -- Cheers, There are only 10 types of people in this world -- Rick Moen those who understand binary arithmetic and those who don't. rick@linuxmafia.com