Ubuntu security hole? (not super major, but wondering if it is an issue to report)
Dick Davies
rasputnik at gmail.com
Tue May 9 09:42:06 UTC 2006
On 09/05/06, Chanchao <custom at freenet.de> wrote:
> On Tue, 2006-05-09 at 10:03 +0100, Dick Davies wrote:
> > What would be the point? It would'nt stop an attacker with physical access
> > (they'd just pull the drive and blank the passwords. I know I do),
>
> Well I did say "physically secured the computer, etc."
>
> But then, what's the point of having any passwords at all then when the
> computer is not physically secure?
Assuming that's not rhetorical,
a) it's better than nothing
b) you need to reboot to compromise the system if all you have is
physical access
c) it allows multiple users to share a machine
d) it makes things more secure on the network
for starters.
> At the very least this behaviour is inconsistent with requiring
> passwords elsewhere, if you're not going to bother with passwords once
> something goes wrong.
The case we're talking about here is when the machine has major
problems and can't mount it's disks. It's not on the network and isn't
going to be without some help.
I don't think that's the time to throw obstacles in the way of a user
who's trying to fix things, just to gain a false sense of security.
--
Rasputin :: Jack of All Trades - Master of Nuns
http://number9.hellooperator.net/
More information about the ubuntu-users
mailing list