Date: Tue, 8 Dec 1998 23:27:40 -0800 From: Gregory Sutter <gsutter@pobox.com> To: Michael Borowiec <mikebo@Mcs.Net>, questions@FreeBSD.ORG Subject: Re: Securing the FreeBSD console Message-ID: <19981208232740.B4021@orcrist.mediacity.com> In-Reply-To: <199812090624.AAA12484@Mars.mcs.net>; from Michael Borowiec on Wed, Dec 09, 1998 at 12:24:05AM -0600 References: <199812090624.AAA12484@Mars.mcs.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 09, 1998 at 12:24:05AM -0600, Michael Borowiec wrote: > > To prevent rebooting your server with a Ctrl-Alt-Del requires > a kernel config change. Where is this documented? In the LINT file, /sys/i386/conf/LINT, under the syscons section, you can see options SC_DISABLE_REBOOT. > Xlock is useless with the sc0 console driver, since typing Ctrl-Alt-F1 > breaks out of graphics mode, back to the virtual terminal. Then one simply > does a Ctrl-C and they're in... How can this be disabled? Brand new versions of xlock have an option, vtlock, which disables vt switching. You'll need to be running at least xlockmore-4.12 to get this option -- 4.11 doesn't have it. > Anyone know why FreeBSD ships with all these security holes enabled by > default? I checked the FreeBSD Security web page, and there was no mention > of any of these "features", or how to plug them. (Did I miss something?) Sure. They're not security holes on most systems. If you want to disable three-finger saluting from the console, that's your business. If you want to disable vt switching while in xlock, that's your business too. If you want to disable ctrl-alt-backspace to kill X, that as well is your own business. Most people _do_ find them features, not security holes. Greg (ctrl-alt-del disabled, ctrl-alt-backspace enabled, xlock vt switching enabled) -- Gregory S. Sutter Bureaucrats cut red tape -- lengthwise. mailto:gsutter@pobox.com http://www.pobox.com/~gsutter/ PGP DSS public key 0x40AE3052 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981208232740.B4021>