From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Fri, 18 Feb 2005 09:34:48 -1000 From: Tim Newsham To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu> Subject: Re: [9fans] writing code In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Topicbox-Message-UUID: 0e7d0140-ead0-11e9-9d60-3106f5b1d025 >> I mean, turn it on, pick a random user name which is likely to work, and >> you're in with no password or anything. Am I the only one who thinks this >> is not so terrific? > > [answer 1] > i think it's realistic. a boot cd would get you the same access. > if you get physical machine access, you win. typing a password > to authenticate to the local system gives you the feeling of > security, not actual security. To prevent this you either need to prevent someone from booting (ie. bios password and hope they dont go through the trouble of yanking the drive or resetting the bios) or you need to protect the disk (after all thats probably what they want to get at after they log in, not network access or the gui). Something like: http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf would address this nicely. For those who don't want to chase down the paper, it's an encrypted disk format used by the FreeBSD group. Tim N.