shell for certification exam

Alan K Melby akmttt at byu.edu
Tue Nov 8 23:29:42 MST 2005


Can you set up [Knoppix] Linux so that it is impossible, or at least difficult, for a user to switch to a virtual terminaln without re-booting?
 
AKM
 
= = =

Ross Werner <ross at agilestudios.com> wrote:
On Wed, 9 Nov 2005, Jason Holt wrote:
> On Tue, 8 Nov 2005, Ross Werner wrote:
>> they can turn off whatever customizations you have created. In the security 
>> world, having physical access to a computer basically means that there is 
>> no way to completely secure that computer.
>
> Well, it depends on what you mean by "console access". The BYU kiosks are 
> pretty good nowadays, AFAICT. Keep them from opening the case, out of the 
> bios and bootloader, and then it's down to limiting what an unprivileged user 
> can do.

Indeed. By "physical access" I mean full physical access. Once you even 
mitigate that with "supervised physical access" it becomes much more 
difficult for a malicious attacker to circumvent the system.

(For example, I'm sure the proctors at these exams will notice somebody 
opening a case and tripping the BIOS password reset. They'd *probably* 
notice someone switching to a virtual terminal long enough to figure out 
what's up with the iptables configuration and do something to get around 
it. They probably *wouldn't* notice someone switching to a virtual 
terminal long enough to paste the exam text into an ssh session, if done 
surreptitiously.)

~ Ross

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/



More information about the PLUG mailing list