rationale of root access from boot

[Nicolas Deschildre]

hi!

I was wondering about the rationale of allowing anyone to easily boot
root (by adding the 'single' parameter to the kernel command line with
grub).

While I can understand it on a server, which must be physically
protected to be really secure, IMO it is pretty bad on workstations.

I know that with some knowledge and perseverance, one can anyway get
root access (Live CD, or if BIOS locked or no CD drive, open the box,
take the drive), but here, with the 'single' parameter, it is an easy
and discrete open door *out of the box*. IMO this is pretty bad
security.

Nicolas