1 |
I helped a friend install Ubuntu GNU/Linux on his laptop, he left |
2 |
town, forgot his passwords, and I promised to breakin for him, so he |
3 |
can re-do his passwords. Told him all I have to do is run Knoppix, |
4 |
access his partition, and delete the little x in the password file. |
5 |
Then he would reset his root password in be back in business. |
6 |
|
7 |
He felt betrayed. I understand why, I think: what's secure about |
8 |
GNU/Linux if anyone can boot the system and reset his passwords? |
9 |
|
10 |
I said, Dunno. I'll ask on the Gentoo list. |
11 |
|
12 |
How can anyone easily avoid the problem of anyone being able to access |
13 |
the guts of his machine using a live CD? I already thought of one: |
14 |
use the BIOS to disallow booting from a CD or Floppy, and set a |
15 |
password on the BIOS. Don't know whether all BIOSes will allow this, |
16 |
and anyway, isn't it possible on a lot of motherboards to short out |
17 |
the EPROM and thus reset the password of the BIOS? |
18 |
|
19 |
Of course, if he would forget his password he would lose all his data. |
20 |
|
21 |
Oh, well, does anyone have anything to suggest or to say about this? |
22 |
|
23 |
Alan Davis |
24 |
|
25 |
-- |
26 |
gentoo-user@g.o mailing list |