[WikiEN-l] Re: new CheckUser proposal up
Anthony DiPierro
wikispam at inbox.org
Thu Oct 13 18:01:44 UTC 2005
On 10/13/05, Phil Boswell <phil.boswell at gmail.com> wrote:
>
> "Anthony DiPierro" <wikispam at inbox.org> wrote:
> [snip]
> > If sysadmins can do any destructive thing they want, then you haven't
> > created a very secure system.
>
>
> Pick the most secure version of UNIX you can find.
>
> Log in as root.
>
> Invoke the following:
> $ rm -r /
If I were at home I'd do just that and it'd accomplish nothing, as I have
the immutable flag on the / directory. Yes, this flag could be removed if I
really wanted to, but there are ways to set up a system so that it requires
physical access to do such a thing.
But when we're talking about production boxes in a colo, it shouldn't even
be possible to log in as root.
How destructive do you actually want?
>
> (I recall hearing a story of how somebody did this and, having interrupted
> the process mid-destroy, managed with the help of some friends to
> resurrect
> the system because he happened to have a copy of EMACS running (i.e.
> loaded
> into memory and not susceptible to instant deletion) and was therefore
> able
> to type in various vital system files by reading the hex off another
> terminal. I wish I could back it up with a URL, but it's the end of my
> work
> day here, and I'm going home :-)
> --
> Phil
> [[en:User:Phil Boswell]]
More information about the WikiEN-l
mailing list