Re: Security testing: need for a security policy, and a security-critical package process

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Nov 30, 2009 at 16:39:05 -0500,
  Gene Czarcinski <gene@xxxxxxxxx> wrote:
> 
> As I see it, the problem is that without a grub password, then an un-
> privileged user can edit the command line to disable selinux or bootup in 
> single user mode.
> 
> On the other hand, there is also "good enough" versus perfect.  In a perfect 
> world, a user would (by default) be required to enter that password.  In a 
> "good enough" world, have the option to set the password.

If the threat model includes actively malicious people at the console, I'd
rather see encrypted file systems than a grub password. (And that doesn't
help if you don't realize that a malicious person may have had access
and that you shouldn't trust the system any more.)

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux