Security Basics mailing list archives

Re: security scenario

From: Gene Cronk <gene () hacktek com>
Date: Mon, 27 Jan 2003 19:57:17 -0500

No CD Rom/Floppy in the server?  :-D

Burton M. Strauss III wrote:

You can't ... well, the grub password may prevent the trivial case, but if
you have physical access to the hardware, you have the keys to the universe.
(What would stop Mr/Ms Cracker from bring his/her OWN grub floppy?)

-----Burton

-----Original Message-----
From: camthompson [mailto:camthompson () shaw ca]
Sent: Saturday, January 25, 2003 12:45 AM
To: security-basics () securityfocus com
Subject: security scenario

consider this (I'm trying to make a network more secure) :
A user enters grub upon bootup and hits "e" to edit the Linux boot
procedure and then continues to boot into single user mode, and he then
chagnes the root password to whatever he suits.... the user who did this
is eventually tracked down and taken care of.

Now, how would I prevent this from happening in future instances?

Current thread:

Re: security scenario Jonathan Bowman (Jan 27)
- <Possible follow-ups>
- Re: security scenario ATD (Jan 27)
- Re: security scenario Gene Cronk (Jan 28)
- Re: security scenario Richard Arends (Jan 28)
- Re: security scenario Chris Berry (Jan 29)
  - RE: security scenario s7726 (Jan 30)
- RE: security scenario MacFerrin, Ken (Jan 29)
- Re: security scenario Chris Berry (Jan 30)
- RE: security scenario pasi.kivikangas (Jan 30)