home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.sys.hp
- Path: sparky!uunet!destroyer!sol.ctr.columbia.edu!ucselx!gdwest!good
- From: good@gdwest.gd.com (David L. Good)
- Subject: Re: HP 9000/370, no root password!
- Message-ID: <1992Aug20.212928.28666@gdwest.gd.com>
- Organization: General Dynamics Corp.
- References: <1992Aug15.022529.7176@mccc.edu> <430131@hpnmdla.sr.hp.com>
- Date: Thu, 20 Aug 1992 21:29:28 GMT
- Lines: 29
-
- In article <430131@hpnmdla.sr.hp.com> stanb@hpnmdla.sr.hp.com (Stan Bischof) writes:
- >In comp.sys.hp, good@gdwest.gd.com (David L. Good) writes:
- >
- >>That's certainly an interesting "feature". Is there any way to prevent
- >>this from occuring? We have a network of ~60 350s, and I'd hate to have
- >>users be able to be superuser anytime they want just by cycling power on
- >>a workstation!
- >
- >First rule of computer security:
- >
- > If you allow physical access, there ain't no security
- >
- >Since the disk itself has no security system built in, how could you even
- >conceivably stop me from doing about anything I want to your disk if
- >you allow me physical access to it?
- >
-
- I realize that physical access allows people to do nasty things, but in
- our environment, having someone mess around with the connections to the
- disks would probably be noticed and stopped. Cycling power on a
- workstation probably would not be noticed. I guess I'd like to see it
- where a bad guy would have to seriously mess with the hardware to do
- anything really harmfull. After all, I can't lock all our workstations
- up in a vault, or nobody would be able to use them!
-
- --
- David Good good@gdwest.gd.com
-
- This space intentionally left blank.
-
