On Fri, 2003-08-15 at 10:59, Dario Lopez-Kästen wrote:
From: "Jaroslav Lukesh" <lukesh@seznam.cz>
From: Dylan Reinhardt <zope@dylanreinhardt.com>
On Thu, 2003-08-14 at 13:15, J Cameron Cooper wrote:
It is extremely difficult to protect against people with physical or root access to a machine. If I can sit down in front of it, I can get root.
Indeed.
I am not as sure. If you have a securely configured system and a case with a security lock, you could not get local access in any manner.
uhm... it will get a bit *harder*, not impossible. Important to note that it will *never* be impossible. As long as there is a console available to the machine it will work.
+1

If you unplug your server and lock it in a bank vault, it might be impossible to hack. Any running, networked server should be regarded as being somewhat more vulnerable.

Providing *any* level of physical access represents increased risk... even if the physical access only extends to the network equipment. You're not going to lock up the routers, are you?

It's a rare server that can stand up to even a couple hours of probing by a knowledgeable and sufficiently determined attacker. If you want to know if your server can be rooted the answer is yes, it can.

Ultimately, this is a question of mitigating and managing risk. That's why I'd approach it as a legal question. Make it hard enough that nobody is going to break in by accident and take legal measures to provide disincentives against determined attack.

$.02

Dylan