On Thu, Nov 26, 1998 at 08:14:27AM +0100, Johnny Tevessen wrote:
> Quoting David Luyer (luyer@ucs.uwa.edu.au):
>=20
> > However there's nothing
> > to stop the attacker compiling a new kernel and rebooting into it unles=
s you
> > go to significant effort there too,
>=20
> There is. Don't use lilo. Have a little DOS partition. Don't include
> DOS support in the kernel. Use a little DOS bootmenu to start Linux.
> But default to start DOS there. This prevents from having someone
> run lilo on a new kernel and do a shutdown -r.
What if they install lilo and overwrite the DOS bootloader?
What if they install mtools or another userspace msdos/fat tool?
If someone has root on your machine there is very little they can't do.
Ian
--=20
Ian McKellar imckellar@harvestroad.com.au
Web Author / Programmer Phone: +61 8 9389 6200
Harvest Road Communications Fax: +61 8 9389 6201
PGPkey: finger ian@harvestroad.com.au ICQ: 5628269
Tell me do you really know your brother man
Cause a heart speaks louder than a colour can
And why would you even shake a man's hand
If you're not going to help him stand
-- Ben Harper (Jah Work)
--k4f25fnPtRuIRUb3
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: wWbXHad1jSZO31X9jSi/Jdj27t6KbQB3
iQCVAwUBNl2smuc73mdZIn3VAQGuWAQArsK8briRScdPKv6UlGPuZ03FlUlka0nH
yh7feFypqOBLAugMyEYMKk9BVpkNFjzOJLnXIusVW/kLmzFDd/2vNvUAZfHY8gvi
8FQ2BdbegNJ9ZoWCuYROgwEJDqkXvaOq+74jVKyRcinsePOZKqkGcw/sG1EdTj/c
RftRmOWeAZ4=
=1pp6
-----END PGP SIGNATURE-----
--k4f25fnPtRuIRUb3--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/