LinuxSA Mailing list archives

  From: David Newall <davidn@rebel.net.au>
  To  : Phil Pittard <vk5ham@seol.net.au>
  Date: Mon, 13 Sep 1999 19:14:47 +0930 (CST)

Re: Linux Console Security (was prev Q:Lost Password etc)

Phil,

I completely missed the thread on lost password.  I gather you said there
was a way of removing the password (assuming physical access to the
machine) which you wouldn't tell owing to a philosophy of not publishing
anti-security related hints.  My position on this is that it's a trivial
problem and there's no point telling people who can't work it out for
themselves for fear of giving them a ``loaded gun'' which they thus
demonstrate themselves incapable of safely using.  No doubt I'm going to
get flamed (again) for saying it like that but I couldn't care less about
that.

There's nothing wrong with with-holding data on the basis that:
a. it's trivial for anyone else to find out for themself (and you
   mustn't encourage laziness); or
b. it's dangerous and when you're capable of using the data safely
   it becomes category a data (see above).

I don't know exactly what method you had in mind; I must say I've used
Norton's disk editor to this effect before.  There are certainly easier
ways under Linux.

Regards,

David, who aproves with your stance, though possibly not for the exact
same reasons.

-- 
Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject