Re: Linux, BSD, and Unix are fundamentally insecure.
From: Thomas Schweikle (tps_at_vr-web.de)
Date: Sat, 11 Sep 2004 18:54:25 +0200
Mike Cox wrote:
> General Protection Fault <email@example.com> wrote in message news:<firstname.lastname@example.org>...
>> ["Followup-To:" header set to comp.os.linux.advocacy.]
>> On 9 Sep 2004 21:00:34 -0700, Mike Cox wrote:
>> > An opensource consultant visited my workplace recently and was
>> > upstaged by my MCSEs. The consultant went over my head and made a
>> > sales call to the owner of the company who decided to see a demo of
>> > the various flavors of *nix. My boss was interested due to the
>> > consultant's claims of a lower total cost of ownership and more
>> > security.
>> > When this consultant showed up, my MCSEs were ready to show how much
>> > more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
>> > When the consultant was done with the demo, my MCSE, Scott, went up to
>> > the Linux box, and did the following:
>> > linux init=/bin/sh
>> > mount -o remount -rw /
>> > mount /proc
>> > passwd
>> > mount -o remount -ro /
>> > umount /proc
>> > When Scott rebooted the machine, he typed in the new root password and
>> > was in. The consultants jaw dropped, my boss laughed, and will now
>> > trust my MCSE's judgement in all things related to IT in the company.
>> Any machine is insecure if you have physical access to it.
>> I can remove a hard drive from a "secure" NT machine and mount it in my own
>> box and read everything.
> Not really. If that hard drive you mount was using NTFS with the
> encryption option enabled, mounting that hard drive on another system
> won't give you access to that data because the encryption keys are
> Linux's/BSD's/Unix's flaw is that it allows people to boot from the
> boat loader into a shell without requiring the root password. Windows
> 2000 doesn't allow that. You need the Admin password in order to get
> the machine in safe mode or to use the Windows 2000 to do a system
> recovery. I know because I've done it and tested it.
Really? I am sure, it doesn't ask for a password if booting into the