Re: Linux login security approaches

Mirian Crzig Lennox (mirian@xensei.com)
09 Dec 1998 17:35:01 -0500


Wesley Morgan <morganw@engr.sc.edu> writes:
> On Tue, 8 Dec 1998, Neil Conway wrote:
>
> > Jeez, wrong on both counts. No-one needs to replace /bin/login, simply
> > print a message to the screen saying "Linux blah \n login:" and then
> > wait for someone to take the bait.
> >
> > Secondly, NT's C-A-D requirement DOES prevent this, and thus DOES add
> > security, AND to make things better, I don't see how it makes life any
> > harder for users - it's just some keys you press to get a login screen.
>
> This whole argument is stupid... If you have access to the console then
> chances are you don't need the root password to get root. Bring out your
> handy floppy disk and manually edit /etc/shadow or whatever you want.

You'll probably get a million responses to this but: if the PC's BIOS
is password protected and set to not boot off of anything but the "C:"
drive, this attack won't work. If the PC's case is physically locked
so that it can't be easily opened, a cracker at the console will not
be able to easily compromise the system.

SAK is a good thing, and I wouldn't mind seeing Linux support it
(optionally) in some form.

-- 
Mirian Crzig Lennox                                Systems Anarchist
          "There's a New World Order coming every minute.
                      Make mine extra cheese."
