From owner-freebsd-security@FreeBSD.ORG Wed May 16 10:28:51 2012
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
    by hub.freebsd.org (Postfix) with ESMTP id 17744106566B
    for ; Wed, 16 May 2012 10:28:51 +0000 (UTC)
    (envelope-from fabian@wenks.ch)
Received: from batman.home4u.ch (batman.home4u.ch [IPv6:2001:8a8:1005:1::2])
    by mx1.freebsd.org (Postfix) with ESMTP id 9407F8FC12
    for ; Wed, 16 May 2012 10:28:50 +0000 (UTC)
X-Virus-Scanned: amavisd-new at home4u.ch
Received: from flashback.wenks.ch (fabian@flashback.wenks.ch [62.12.173.4])
    (authenticated bits=0)
    by batman.home4u.ch (8.14.4/8.14.4) with ESMTP id q4GASmXR088032
    (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO)
    for ; Wed, 16 May 2012 12:28:48 +0200 (CEST)
    (envelope-from fabian@wenks.ch)
Message-ID: <4FB3815F.8000208@wenks.ch>
Date: Wed, 16 May 2012 12:28:47 +0200
From: Fabian Wenk
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0.4)
    Gecko/20120421 Thunderbird/10.0.4
MIME-Version: 1.0
To: freebsd-security@freebsd.org
References: <7439f3d4019914591b036aa45cfd75e7@vahid-shokouhi.net>
    <40e269c44ec592d0ce3e2d85fd8a032d@vahid-shokouhi.net>
In-Reply-To:
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: Single user mode
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues [members-only posting]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 16 May 2012 10:28:51 -0000

Hello

On 16.05.2012 11:06, Tom Evans wrote:
> You can fix boot order in the BIOS, but a BIOS can be reset simply by
> removing the BIOS battery briefly. In addition to that, many BIOS will
> also offer a boot menu option - which cannot be disabled - allowing
> the user to choose which device to boot from without entering the
> BIOS.

In addition you should use computer cases which can be prevented from
opening with a padlock, so removing the hard disk or resetting the BIOS
needs a lot more effort. Also you should chain the computer to
something which is fixed to the building, so it cannot be removed
easily.

I do know student computer rooms with Linux workstations which are
"protected" with these measures. But there is also regular system
monitoring in place, and if a system goes down unexpectedly, you will
know it and can do something about it.

bye
Fabian