Let's go one step further and prevent either a malicious, or
"accidental" reboot by disabling the Ctrl-Alt-Del trap sequence.

Could never understand why the default action is to reboot.  Or, more
importantly, why this hasn't been disabled yet via upstream.



-Shawn




On Sun, Sep 17, 2017 at 9:04 PM, Munir Nassar <nassarmu at gmail.com> wrote:
> Heh, you don't even need a live CD, just interrupt grub, edit boot line and
> add init=/bin/bash and boot from there.
>
> This is not a bug, and here is how you can prevent it from being exploited
>
> 1. Full disk encryption, which is usually sufficient on its own but the next
> two are good too.
> 2. Grub password to disallow changing boot parameters
> 3. Bios password to disallow changing boot order
> 4. If fde is not an option then at least use dmcrypt, encfs or ecryptfs
>
> On Sep 13, 2017 11:46, "Rick Engebretson" <eng at pinenet.com> wrote:
>>
>> As I play around backing up, upgrading, and what-not, I use
>> not-so-hotswappable hard disk drives. Sometimes I goof up and have a bad
>> /etc/fstab file and the system will hang at boot. In older distros there
>> were some instructions to boot to root and use "mc" to edit /etc/fstab. This
>> newer opensuse distro had me stumped how to just get the filesystem going.
>>
>> So I tried the Fedora Live DVD and booted to DVD, mounted the boot hard
>> drive in KDE "dolphin" file manager, opened the KDE editor "kwrite," edited
>> and saved the system file /etc/fstab, and rebooted the opensuse hard drive
>> smooth as silk.
>>
>> I might be wrong, but these Linux Live DVDs seem to open a giant security
>> hole.
>> _______________________________________________
>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>> tclug-list at mn-linux.org
>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>