On Mon, 2009-01-19 at 22:13 +0000, Dan Hatton wrote:
Nice idea. But what was primarily troubling me was the potential for the following process, which would be done and dusted before udev runs:
- Boot computer with USB stick already plugged in
- USB stick grabs id "/dev/sda", relegating hard drive to "/dev/sdb"
- "resume=/dev/sda2" boot parameter from grub.conf kicks in
- at best, second partition on USB stick doesn't contain a TuxOnIce image and system continues with a fresh boot
- at worst, it's a maliciously crafted USB stick, which inserts an image into RAM that does untold nasty things to my computer
As Srdjan says in his reply there are always security issues when someone has access to the machine itself. If someone wanted to break in and couldn't do it there and then he could always steal the machine and attack it at leisure.
If you want to me more secure about USB sticks accidentally left in I would investigate the boot order settings in the BIOS.
For this reason, and to save a few seconds during boot, I usually either disable booting non-hard-disk media or set the hard disk as the first device in the boot order.
On the very rare occasion I need to boot from something else I can go into the BIOS and temporarily change the settings to favour the device I want to boot from and then, when I am happy with the way the system boots from the hard disk again, change it back.
If you want to make it harder for someone to sabotage the boot process you could also set a password of the BIOS settings, if you BIOS supports this.
Regards, Steve.