Quote:>Better get an extra NVRAM too, you'll need it to subvert
>the security-mode=full setting.
Or just bring a new system and hang the 'secure' disk off it.
Quote:>But opening the machine can be made difficult (cable through the
>screw on the back on lunchbox systems).
Nothing that a few tools can't deal with in minutes.
Quote:>Or is there someone who knows (and has tried in the minutes before posting
>a reply, otherwise don't bother) a way to get root with a system
>with security-mode=full by attacking the hardware/software in a way that
>does not involve the NVRAM.
See above 8)
Quote:>(I agree that a solution where root access on the machine doesn't matter
>to the rest of the net is preferable. This security-mode=full stuff does
>seem useful in other environments, especially in easily accesible
>not closely supervised labs)
That's the rub - it's very difficult to guarantee the security of a system
when it's vulnerable to physical attack. Better (where possible) to
spend a little time doing the physical security with hardware that's
designed for it (doors, windows, controlled-access systems) than trying
to take a plastic box & do the same with it.
If you're using individual workstations in the lab environment, then yes,
you have a major security disaster looming 8) Probably better to put
a server in the next room (locked) and use some cheap Xterms 8)
(ObInsecurity: Getting into a Multimax a friend of mine bought with no
passwords; walk around the back, unplug some disk, boot,
play... Very educational. (*sniff* lovely machine that,
# "The question 'why are the fundamental laws of nature mathematical' #
# then invites the trivial response 'because we define as fundamental #
# those laws which are mathematical'". Paul Davies, _The_Mind_of_God_. #