Date:      Wed, 12 Apr 1995 10:51:21 -0700 (PDT)
From:      "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>
To:        davew@sees.bangor.ac.uk (Mr D Whitehead)
Cc:        freebsd-security@FreeBSD.org
Subject:   Re: FreeBSD Security Problem?
Message-ID:  <199504121751.KAA07234@gndrsh.aac.dev.com>
In-Reply-To: <9326.9504121533@sol.sees.bangor.ac.uk> from "Mr D Whitehead" at Apr 12, 95 04:33:28 pm

> 
> Hi,
> 	First the compliments - great job so far.  
> 
> 	Now the problem.  I have been using FreeBSD (2.0R) at home (without 
> any problems) and also evaluating it for use at work.  One ancient and major 
> problem seems to exist (unless I have missed something or it has already been 
> altered) and that is the reboot to single user.  No password, nothing, just a 
> root shell to do with as you wish.  OK I know it's not a problem at home - but 
> just imagine the fun all our undergraduates would have with this if we put a 
> machine in a public area (the current suggestion is for 50).
> 
> 	We would really like to replace our ageing Sun SLC's but are seriously
> worried about the above problem - any comments?

As has already been pointed out in other mail, tweak /etc/ttys.  But this
still leaves a very nasty hole you need to plug.  You will have to remove
the floppy drive from all machines, otherwise a person can just download
a FreeBSD boot floppy and boot single user from it, mount the hard disk,
splat the passwd file or the ttys file and then reboot from the hard
disk.

Some BIOS allow you to set the boot sequence to C:, A:, if yours do, this
is another way around the floppy problem.  Set it to C:, A:, and then
password protect the BIOS so the user can't change it back.  Since C:
should always have a valid boot partition on it there is no way for
them to boot from floppy, but they can still use the floppy for
normal things.


-- 
Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
Accurate Automation Company                   Custom computers for FreeBSD
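
The /etc/ttys tweak mentioned above is, on FreeBSD, changing the console entry's `secure` flag to `insecure`, which makes init ask for the root password before starting the single-user shell. The check below is an added example, not part of the original message; the function name `console_status` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): report how the console
# entry in a ttys(5)-format file is flagged.
#   secure   -> init starts the single-user root shell with no password
#   insecure -> init asks for the root password first
#   missing  -> no console entry found; review the file by hand
console_status() {
    awk '
        # Strip comments, then collapse a quoted getty command to one token
        # so words inside the quotes are never mistaken for flags.
        { sub(/#.*/, ""); gsub(/"[^"]*"/, "Q") }
        $1 == "console" {
            found = 1
            flag = "insecure"          # no "secure" keyword means insecure
            for (i = 2; i <= NF; i++)
                if ($i == "secure") flag = "secure"
            last = flag                # a later console line overrides
        }
        END { print (found ? last : "missing") }
    ' "$1"
}

# Constructed sample input in ttys(5) layout: name, getty, type, flags.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# name  getty                           type    status
console none                            unknown off secure
ttyv0   "/usr/libexec/getty Pc"         cons25  on  secure
EOF

case $(console_status "$sample") in
    secure)   echo "console is secure: single-user boot needs no password" ;;
    insecure) echo "console is insecure: init will ask for the root password" ;;
    *)        echo "no console entry found" ;;
esac
rm -f "$sample"
```

Run it against the real file with `console_status /etc/ttys`. As the message points out, this setting only matters once booting from other media is also blocked.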


