From owner-freebsd-hackers Sat Jul 6 14:15:23 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id OAA05437 for hackers-outgoing; Sat, 6 Jul 1996 14:15:23 -0700 (PDT) Received: from kropotkin.gnu.ai.mit.edu (kropotkin.gnu.ai.mit.edu [128.52.46.40]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id OAA05421 for ; Sat, 6 Jul 1996 14:15:19 -0700 (PDT) Received: by kropotkin.gnu.ai.mit.edu (8.6.12/8.6.12GNU) id RAA21928; Sat, 6 Jul 1996 17:15:04 -0400 Date: Sat, 6 Jul 1996 17:15:04 -0400 Message-Id: <199607062115.RAA21928@kropotkin.gnu.ai.mit.edu> To: terry@lambert.org CC: kaveman@magna.com.au, terry@lambert.org, hackers@FreeBSD.ORG In-reply-to: <199607042255.PAA13790@phaeton.artisoft.com> (message from Terry Lambert on Thu, 4 Jul 1996 15:55:33 -0700 (MST)) Subject: Re: What is the best way to setup a drive From: Joel Ray Holveck Reply-to: joelh@gnu.ai.mit.edu Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >>> I don't think there is a problem with symlinking /etc/passwd; in >>> theory, it's not in use until after the mounts are done. >> Except when booting single user with an insecure console. :) > THere is no such thing as an insecure console, IMO. If they can > use a screwdriver to remove the hard drive, single user > non-password root access isn't a problem. Well, in the lab across the room from me, somebody can easily set up an insecure suid program in no time and not be noticed. But somebody is sure to notice through the glass walls the guy with a screwdriver and a maniacal look. This is the same idea behind encryption: make it hard enough to make it not worth the time spent to break root, for whatever reason. -- http://www.wp.com/piquan --- Joel Ray Holveck --- joelh@gnu.ai.mit.edu Fourth law of computing: Anything that can go wro .signature: segmentation violation -- core dumped