Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.4: Shut down, sleep, or restart from login window' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: Shut down, sleep, or restart from login window
Authored by: thornrag on Jun 20, '05 04:11:54PM

There is *always* some risk associated with allowing a machine to shut down or reboot.

Previous security guidelines advised against enabling these buttons, as a small measure of defense against two general scenarios: in one, the attacker has modified binary code on the system by remote means (buffer overflow, filesystem tricks, etc.), and needs to reboot to apply the changes; in the other, the attacker wants access to protected data on the machine and intends to reboot from a custom hard disk or CD (think: Knoppix), or put the machine in TDM mode with their laptop.

Of course, this is a very small measure of defense. An Open Firmware password is much stronger against this kind of attack. But it's easier now, say, to pull an alley-oop, in which the attacker might install malicious code remotely using a nonauthenticated exploit, and then convince an unauthorized employee over the phone to reboot the server using one of these methods.

Regardless, this is pretty minor with regard to security. I only point these things out because I feel it's somewhat irresponsible *ever* to say "Wrong; there is no risk."

Make no mistake. There is always risk.



[ Reply to This | # ]
10.4: Shut down, sleep, or restart from login window
Authored by: TvE on Jun 20, '05 05:08:54PM

Physical access to a computer equals a risk no matter what!

Open Firmware pswd's are easaly disabled via a couple of reboots and removal of RAM



[ Reply to This | # ]
10.4: Shut down, sleep, or restart from login window
Authored by: pub3abn on Jun 21, '05 11:50:09AM

With a tower case, you can padlock the box so people can't get in and remove RAM, etc. But of course few people do. Securing a laptop is harder.



[ Reply to This | # ]