Date: Tue, 29 Feb 2000 09:59:02 +1030 From: Mark Newton <newton@internode.com.au> To: Zhihui Zhang <zzhang@cs.binghamton.edu> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Building customized kernel without root passwd Message-ID: <20000229095902.A73142@internode.com.au> In-Reply-To: <Pine.GSO.3.96.1000228155113.12338C-100000@sol.cs.binghamton.edu> References: <Pine.GSO.3.96.1000228155113.12338C-100000@sol.cs.binghamton.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Feb 28, 2000 at 03:58:00PM -0500, Zhihui Zhang wrote:
> My professor plans to use FreeBSD for teaching purpose. We will allow
> students to build their kernel but do not want to give them root password.
> So it's better to find a way to let students build kernel under their own
> account, save the kernel on a floppy and then boot from the floppy.
How is this going to buy you anything? Once they've done that, they'll
have root on the floppy-booted system, and they'll be able to mount the
system's hard disk and change the root password to anything they want.
If your students have physical access to the console of a system, the
system is not secure. Doubly so if they have access to removable media
(like floppy disks). You'd be better off firewalling the lab on the
assumption that they *will* have root, in an effort to constrain the
damage they can do if they misbehave, then just give them the root
password so they won't have to dick around with floppies anymore.
- mark
--
Mark Newton Email: newton@internode.com.au (W)
Network Engineer Email: newton@atdot.dotat.org (H)
Internode Systems Pty Ltd Desk: +61-8-82232999
"Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000229095902.A73142>