> Boot-floppy! (of cource, you could just put a kernel on the boot-floppy...)
> Security through obscrity at it's worst!
I use an analogous patch with Linux 2.0 on a PC which I set up for the use
of students at a high school. On the PC platform, the cable going to the
floppy drive determines whether it is bootable or not (sometimes there is
a BIOS option too). On this particular PC, I moved the cable to the
position where it is not bootable. Other possibilities would be removing
the floppy drive entirely or putting the main part of the computer in a
locked cabinet. I thought the dangers of bootable floppies and insecure
furniture were well-known.
This patch does not rely on security through obscurity; it simply makes it
possible for the user to configure out a seldom-used feature of the
kernel. With the stock kernel, the feature is enabled whether the user
wants it (or knows it exists) or not. Calling this "insecurity through
obscurity" would not be a great exaggeration.
___
Trevor Johnson