Re: Encrypted Swap

Crutcher Dunnavant (crutcher@datastacks.com)
Tue, 7 Aug 2001 03:55:45 -0400


++ 07/08/01 00:34 -0700 - Steve VanDevender:
> John Polyakov writes:
> > Hmmm, if you have PHYSICAL access to the machine, you can simply reboot and type
> > "linux init=/bin/sh" and after it simply cat /etc/shadow and run John The Ripper....
> > Am i wrong?
>
> You can password-protect LILO to prevent others from giving it their own
> boot options. Similarly you can password-protect single-user mode so
> either a deliberate shutdown-and-reboot to single-user mode, or an
> attempt to induce the machine to go into single-user mode, will prevent
> others from getting at the single-user root shell.

Hmm. Physical access. Hammer. Take drive.

-- 
Crutcher        <crutcher@datastacks.com>
GCS d--- s+:>+:- a-- C++++$ UL++++$ L+++$>++++ !E PS+++ PE Y+ PGP+>++++
    R-(+++) !tv(+++) b+(++++) G+ e>++++ h+>++ r* y+>*$
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/