From owner-freebsd-questions Tue Apr 4 3:21: 6 2000 Delivered-To: freebsd-questions@freebsd.org Received: from axl.ops.uunet.co.za (axl.ops.uunet.co.za [196.31.1.175]) by hub.freebsd.org (Postfix) with ESMTP id C545237B830 for ; Tue, 4 Apr 2000 03:20:57 -0700 (PDT) (envelope-from sheldonh@axl.ops.uunet.co.za) Received: from sheldonh (helo=axl.ops.uunet.co.za) by axl.ops.uunet.co.za with local-esmtp (Exim 3.13 #1) id 12cQOa-000Mce-00; Tue, 04 Apr 2000 12:17:16 +0200 From: Sheldon Hearn To: Andrew Cc: Ruslan Ermilov , freebsd-questions@FreeBSD.ORG Subject: Re: Disable boot -s In-reply-to: Your message of "Tue, 04 Apr 2000 12:18:13 GMT." Date: Tue, 04 Apr 2000 12:17:15 +0200 Message-ID: <86962.954843435@axl.ops.uunet.co.za> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, 04 Apr 2000 12:18:13 GMT, Andrew wrote: > I have FreeBSD mail server in my organisation. It located in room > with no lock, with free access to the PC's monitor for all. This is my > workbench. > > I'm afraid that anyone, who knows about boot -s, may reboot the > machine and makes me cry. Okay, I take back my previous advice. Although what I told you about flagging the console as insecure was sound advice in some circumstances, it's just going to lead you into a false sense of security in this case. Anyone who knows about boot -s probably also knows how to create boot floppies. Getting into your PC won't be very difficult. Removing the floppy drive from your box may help, provided that you have some way of ensuring that nobody opens the box up with a screwdriver or saw. Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message