Date: Wed, 9 Dec 1998 10:57:09 -0800 (PST)
From: Stefan Molnar <stefan@csudsu.com>
To: Michael Borowiec <mikebo@Mcs.Net>
Cc: Gregory Sutter <gsutter@pobox.com>, questions@FreeBSD.ORG
Subject: Re: Securing the FreeBSD console
Message-ID: <Pine.BSF.3.96.981209104951.17473F-100000@c35486-a.frmt1.sfba.home.com>
In-Reply-To: <199812091650.KAA03339@Mars.mcs.net>

> Just FYI... I'm introducing FreeBSD at work, a 1000-seat engineering
> environment, where people share offices and labs that don't lock.
> Most of the UNIX folk in my environment were horrified by these defaults -
> but more so by the lack of documentation pointing them out. It was even
> suggested the OS not be used at all, for fear that (1) the FreeBSD team
> either doesn't understand, or doesn't take commercial security concerns
> seriously, and (2) that there are probably many more undocumented actions
> in a "hobbyist (read TOY) OS" that could be exploited to gain fast access.

How can they be horrified? On all Sun hardware, with a simple STOP-A and
knowing how to use Forth/OpenBoot, I can capture your entire memory ranges,
or other things. I do not see the kill X server function in IRIX advertised
as a security hole. Or what about the lovely single-user switch that was on
the back of the old Apollos?

Having access to the console, no matter the OS, assumes risks. There are very
easy ways to go around the login of any Win9x and NT box. I work at one of
the largest UNIX companies out there, and it is an assumed risk. Crays had
horrible security. No matter what OS there is, getting physical access
means there are ways to get access.

The only thing that I have seen that can be secure at the console is
Trusted Solaris 2.5.1.

Stefan