Re: Does Security matter at all?

To: Debian Developerslist <debian-devel@lists.debian.org>
Subject: Re: Does Security matter at all?
From: Andreas Fuchs <asf@acm.org>
Date: 04 Jul 2000 22:50:23 +0200
Message-id: <[🔎] 87itulk4c0.fsf@dahaIM.dyndns.org>
In-reply-to: "Christopher W. Curtis"'s message of "Tue, 04 Jul 2000 11:34:11 -0400"
References: <[🔎] 20000704142808.C29338@Aleph.Christen.Net> <[🔎] 14689.55703.962204.806584@luna.vihrealiitto.fi> <[🔎] 3961F933.C3FD5552@aet-usa.com> <[🔎] 14689.64114.887860.652238@luna.vihrealiitto.fi> <[🔎] 396203F3.4EEDD190@aet-usa.com>

Ok. I might have misunderstood you -- it just seems like you did quite
seriously misunderstand one very significant word Ari Makela wrote. I
hope I can moderate between you two.

Today, Christopher W Curtis <ccurtis@aet-usa.com> wrote:
> Ari Makela wrote:
>> No, because physical access is needed there's absolutely no
               ^^^^^^^^^^^^^^^ please read this again and think about
                               what this means.

>> solution. I must say I haven't read all the posts in the thread but I
>> have understood that physical access is needed. If that's correct
>> there's no security. Tell me if I'm wrong.

> Fine, I'll stand down - as long as you agree that if anyone has access
                                                                  ^^^^^^
And now, please read again what you said and, again, think about what
you mean.

> to a machine, then there is no use in even assigning a password for
> root.

There is a value in assigning a password to root. Quite so, if there
are any users (apart from root) which will have _access_ to the
machine -- access as in, ssh, rsh, ftp etc.

There may also be some value in assigning a password to root even if
there are any users that will have _physical access_ to the machine --
access as in, can change disks, can open the case to peek what's
inside, pick some hard disks from their place or poke a ten-inch-nail
into the mainboard (with the aid of a sledgehammer).

There may be some value to it, but not much, because if the user has
physical access to the machine, he can do nearly everything he likes
with it: smash it to little pieces, reboot it with an emergency
floppy, take out a hard drive (which may as well be a hot drive, but
let's not elaborate on that).

You see, there are some suble differences between mere access to a
machine and physical access to it. That is why @VBCs have their
important machines behind big, heavy steel doors which can be locked
pretty tight.

> Christopher

HTH, and that I could clear matters between you two a bit.

regards,
-- 
Andreas Stefan Fuchs                             in Real Life aka
asf@acm.org, asfuchs@gmx.at, asf@ycom.at         in NNTP and SMTP,
antifuchs                                        in IRCNet and
Relf Herbstfresser, Male 1/2 Elf Priest          in AD&D

Reply to:

Follow-Ups:
- Re: Does Security matter at all?
  - From: Remco Blaakmeer <remco-blaakmeer@quicknet.nl>

References:
- Does Security matter at all?
  - From: "Alexander N. Benner" <Nikodemus@innocent.com>
- Re: Does Security matter at all?
  - From: Ari Makela <hauva@iki.fi>
- Re: Does Security matter at all?
  - From: "Christopher W. Curtis" <ccurtis@aet-usa.com>
- Re: Does Security matter at all?
  - From: Ari Makela <hauva@iki.fi>
- Re: Does Security matter at all?
  - From: "Christopher W. Curtis" <ccurtis@aet-usa.com>

Prev by Date: Re: SECURITY PROBLEM: autofs [all versions]
Next by Date: Re: kernel 2.2.17 boot disk prob! (HELP!)
Previous by thread: Re: Does Security matter at all?
Next by thread: Re: Does Security matter at all?
Index(es):
- Date
- Thread