Security Basics mailing list archives
Re: security scenario
From: Gene Cronk <gene () hacktek com>
Date: Mon, 27 Jan 2003 19:57:17 -0500
No CD Rom/Floppy in the server? :-D Burton M. Strauss III wrote:
You can't ... well, the grub password may prevent the trivial case, but if you have physical access to the hardware, you have the keys to the universe. (What would stop Mr/Ms Cracker from bring his/her OWN grub floppy?) -----Burton -----Original Message----- From: camthompson [mailto:camthompson () shaw ca] Sent: Saturday, January 25, 2003 12:45 AM To: security-basics () securityfocus com Subject: security scenario consider this (I'm trying to make a network more secure) : A user enters grub upon bootup and hits "e" to edit the Linux boot procedure and then continues to boot into single user mode, and he then chagnes the root password to whatever he suits.... the user who did this is eventually tracked down and taken care of. Now, how would I prevent this from happening in future instances?
Current thread:
- Re: security scenario Jonathan Bowman (Jan 27)
- <Possible follow-ups>
- Re: security scenario ATD (Jan 27)
- Re: security scenario Gene Cronk (Jan 28)
- Re: security scenario Richard Arends (Jan 28)
- Re: security scenario Chris Berry (Jan 29)
- RE: security scenario s7726 (Jan 30)
- RE: security scenario MacFerrin, Ken (Jan 29)
- Re: security scenario Chris Berry (Jan 30)
- RE: security scenario pasi.kivikangas (Jan 30)