From: Felipe Alfaro Solana <felipe.alfaro(a)gmail.com>
Date: Mon, 10 Oct 2005 11:02:45 +0200
I agree that having physical access to the machine could make easy
for
an intruder to get into it, but sometimes the intruder has limited
physical access, that is, the intruder can't steal the hard drive or
the machine, only sit at the keyboard, restart the machine into
single-user mode and reset the root password (and yes, I know I we can
use a GRUB password).
If the GRUB password isn't used to protect the machine, the
boot parameter is editable.
In that case, the intruder can alternate "init" program with
/bin/sh, putting "init=/bin/sh" into the boot parameter. It
means that modified /etc/inittab can not protect the machine
because the file is read by /sbin/init (default "init"
programme).
--
SEKINE Tatsuo:
tsekine(a)sdri.co.jp System Design & Research Inst. Co.,Ltd.