[mythtv-users] Forgot password; Choose door A, B or C?

Hika van den Hoven hikavdh at gmail.com
Thu Apr 24 19:02:37 UTC 2014


Hoi Mike,

Thursday, April 24, 2014, 7:59:04 PM, you wrote:

> On 24/04/14 18:38, Thomas Mashos wrote:
>> On Thu, Apr 24, 2014 at 10:33 AM, Hika van den Hoven <hikavdh at gmail.com> wrote:
>>> Hoi Will,
>>>
>>> Thursday, April 24, 2014, 7:20:13 PM, you wrote:
>>>
>>>> On 4/24/14, 1:12 PM, Leif Pihl wrote:
>>>>>
>>>>> On Apr 24, 2014, at 12:06 PM, Devin Heitmueller wrote:
>>>>>
>>>>>> Correct.  Physical access means total access.
>>>>>
>>>>> Ugh!
>>>>> ==Prompt the dramatic movie theme music here.==
>>>>>
>>>>> I never knew about that weakness.
>>>>>
>>>>> Is there SOME sort of a patch to fix this (or un-fix it, as the case may be) for those machines that are out in the public for anyone to access?
>>>
>>>
>>>> Disk encryption can make it safer.
>>>> http://www.kb.cert.org/vuls/id/789985
>>>
>>>
>>>> -WD
>>>
>>>> _______________________________________________
>>>
>>> Basically, to prevent this:
>>> - Password protect your bios setup
>>> - disable boot from any other media then your HD
>>>
>>> You then have to open the case and reset the bios to get access.
>>> Or steal the HD.
>>>
>>
>>
>> You forgot to secure grub.
>>
>> Thanks,
>>
>> Thomas Mashos
>>
> Not so. If you install the 'stolen' disk in an external enclosure and access it
> as a data disk, who cares about GRUB?

You're both right I think. I never use grub and never tried with lilo,
but possibly you could get around the password, with boot options to
the kernel, without stealing the disk. So adding to securing the
bootloader, securing the kernel. 

Tot mails,
  Hika                            mailto:hikavdh at gmail.com

"Zonder hoop kun je niet leven
Zonder leven is er geen hoop
Het eeuwige dilemma
Zeker als je hoop moet vernietigen om te kunnen overleven!"

De lerende Mens



More information about the mythtv-users mailing list