Re: package submission policy question

[Matthew Miller <mattdm mattdm org>]

On Thu, Jun 02, 2005 at 03:48:24PM +0200, Christian Iseli licr org wrote:
> > probably with the further suggestion that this is why it's a really good
> > idea to have a grub password.
> I'm afraid this will not be much help against someone bringing a bootable
> CD along...

Restrict boot options in the BIOS.

> Secure servers need to be in a locked, access controled, place...

It's all about managing various levels of risk. Sure, someone *could* easily
pick the lock on the door to my house (picking a cheap home door lock is
easy if you know what you're doing), but I still close and lock my door.

If you've got a secure server, it should be in an access-controlled server
room. If you've got a lab, physical locks on the hardware combined with the
above passwords is probaby good -- sure, someone *could* get a hacksaw, but
that's why we've got security cameras and lab monitors.

If you've got a system on your desk in your dorm that you'd prefer to
discourage your roommate from getting root, setting these boot passwords is
probably sufficient even without physical locks.

-- 
Matthew Miller           mattdm mattdm org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>
Current office temperature: 77 degrees Fahrenheit.