From: Alan McKinnon
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Recovering root password
Date: Tue, 25 Mar 2008 10:25:17 +0200

On Tuesday 25 March 2008, Liviu Andronic wrote:
> > But you can boot from a LiveCD, mount your hard drive, chroot and
> > then give root another password.
>
> But then, conventional passwords are as useless. One needs no more
> than physical access to the computer, a LiveCD and a couple minutes
> in order to become the super user of your system. Basically, the
> password seems useful only to know whether anyone has changed it
> behind your back.

Let me guess - you own a notebook and most of your exposure to running a
computer is limited to that, and you have never administered a real
server somewhere, right?

It's very very easy to keep your servers safe from physical access
attacks - make sure the bad guys can't touch it. This is so easy to do
it's laughable - we use a locked door. The only people who have a key
are those who have the root password anyway.

On a notebook, there isn't an OS in existence that is immune to a
LiveCD. If this concerns you, apply some biometrics and encrypted
filesystem patches. Or stop using notebooks. Or stop using computers
that someone else can touch.

-- 
Alan McKinnon
alan dot mckinnon at gmail dot com