From owner-freebsd-questions  Tue Apr  4  5:47:18 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from napalm.plano.sterling.com (napalm.plano.sterling.com [138.42.1.34])
	by hub.freebsd.org (Postfix) with ESMTP id 5580237B6D8
	for <freebsd-questions@FreeBSD.ORG>; Tue,  4 Apr 2000 05:47:10 -0700 (PDT)
	(envelope-from alan.edmonds@sterling.com)
Received: from sterling.com (ras-0048.plano.sterling.com [10.1.48.157])
	by napalm.plano.sterling.com (8.9.1b+Sun/8.9.1) with ESMTP id HAA19464;
	Tue, 4 Apr 2000 07:45:47 -0500 (CDT)
Message-ID: <38E9E3E8.359C0F6@sterling.com>
Date: Tue, 04 Apr 2000 07:45:28 -0500
From: Alan Edmonds <alan.edmonds@sterling.com>
X-Mailer: Mozilla 4.72 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: Andrew <andrew@soc.lg.gov.ua>, Ruslan Ermilov <ru@ucb.crimea.ua>,
	freebsd-questions@FreeBSD.ORG
Subject: Re: Disable boot -s
References: <86962.954843435@axl.ops.uunet.co.za>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Sheldon Hearn wrote:
> 
> On Tue, 04 Apr 2000 12:18:13 GMT, Andrew wrote:
> 
> > I have FreeBSD mail server in my organisation.  It located in room
> > with no lock, with free access to the PC's monitor for all. This is my
> > workbench.
> >
> > I'm afraid that anyone, who knows about boot -s, may reboot the
> > machine and makes me cry.
> 
> Okay, I take back my previous advice.  Although what I told you about
> flagging the console as insecure was sound advice in some circumstances,
> it's just going to lead you into a false sense of security in this case.
> 
> Anyone who knows about boot -s probably also knows how to create boot
> floppies.  Getting into your PC won't be very difficult.
> 
> Removing the floppy drive from your box may help, provided that you have
> some way of ensuring that nobody opens the box up with a screwdriver or
> saw.

I'm not sure if it was on this list, but one security conscious person
would leave the floppy drive installed, but install it facing into 
the case.  That way he could remove the system cover if he needed
access to the floppy and didn't have to carry around an extra floppy
drive.  As I recall, this was in a classroom situation and he wanted
to prevent students from stealing software and data from the PCs.

I apologize if I got the details wrong and for forgetting who
originally posted this.

Cheers,
-- 
Alan Edmonds, KB5ZUY               Sterling Software
                                   M/S 132
Phone: +1-972-801-6485             5800 Tennyson Pkwy.
Email: alan.edmonds@sterling.com   Plano, TX, USA  75024


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message