[buug] Great Links re. Internet/Linux Security

Rick Moen rick at linuxmafia.com
Sun Aug 6 13:39:55 PDT 2000


begin Nicolai Rosen quotation:

> I'd like to see how (with the additional provision that the boot
> sequence is set properly in the bios so you can't boot off of floppy,
> something any sane setup would include). And no cheap tricks involving
> security holes in specific implementations of protocols and the like.

I'll bet you didn't know about the standardised service passwords for
BIOS Setup access, did you?

The Linux setups at City College of San Francisco and at The Coffeenet
were designed with knowledge of those in mind.  We figured a sizeable
number of people would know of the service passwords for the AMI BIOS.
So, those machines are set up such that, if you crack root, you actually
have _fewer_ rights on that LAN (both were NIS+/NFS-based) than if you
stuck to your regular user account.

There remains, of course, the possibility that such a user would
eventually "rm -rf /" (or such) on a given machine's console.  That's 
why there were disk images stored on the NFS server, to untar onto the
workstations if necessary.

The NIS+/NFS servers were, of course, situated in locked rooms.  Thereby
returning us to my original point.

-- 
Cheers,                              "Open your present...."
Rick Moen                            "No, you open your present...."
rick (at) linuxmafia.com             Kaczinski Christmas.
               --  Unabomber Haiku Contest, CyberLaw mailing list



