[Mageia-dev] bug, omission or feature

Mon Jun 4 13:10:24 CEST 2012

On Sunday, 3 June 2012 17:52:47 Colin Guthrie wrote:
+> On the whole, this kind of "security" is basically bullshit anyway.
+
+You can't make that assessment without understanding the rest of the security 
+environment.
+
+> It
+> might make things a tiny bit harder, but if you can get into the
+> bootloader to append a 1 on the command line,
+
+Maybe you *can't* append anything you like to the command-line. Maybe the 
+bootloader configuration has a 'boot single' option, which should require 
+entry of the root password to access the system.
+
+> you can also append
+> init=/bin/bash too which totally bypasses everything too.
+
+Not if the bootloader configuration is password protected (IOW, you can boot 
+any configured option, but if you want to modify anything, you need to provide 
+a password, different from the root password).
+
+> So while it's
+> maybe a nice idea, for all practical purposes, it's not any kind of real
+> security anyway, so don't rely on it!
+
+No security implementation relies on a single control being in place. A numebr 
+of modern security best practices have thousands of controls, and the 
+requirement for a password to be entered to boot single is almost always one 
+of them, and a requirement for a bootloader password is usually another.
+
+Regards,
+Buchan
+-------------- next part --------------
+An HTML attachment was scrubbed...
+URL: </pipermail/mageia-dev/attachments/20120604/e81fe020/attachment-0001.html>
+