Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 15 May 2001 00:21:24 +0200
From:      Dominic Parry <dom@dude.dsl.ru.ac.za>
To:        freebsd-security@freebsd.org
Subject:   Re: nfs mounts / su / yp
Message-ID:  <20010515002124.A647@dude.dsl.ru.ac.za>
In-Reply-To: <Pine.BSF.4.21.0105141358540.43455-100000@mail.wlcg.com>; from rsimmons@wlcg.com on Mon, May 14, 2001 at 02:02:15PM -0400
References:  <3B0015E5.2E1AED1B@centtech.com> <Pine.BSF.4.21.0105141358540.43455-100000@mail.wlcg.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

Just a thought, you could in your bios set  password and then boot only of
the hdd. That way no one could boot of a stiffy etc. 

On Mon 2001-05-14 (14:02), Rob Simmons wrote:
 //> -----BEGIN PGP SIGNED MESSAGE-----
 //> Hash: RIPEMD160
 //> 
 //> You could set the console to insecure in /etc/ttys.  That way single user
 //> mode will ask for the root password.  You still can't prevent someone from
 //> booting with their own floppy disk and making changes that way.  I think
 //> the only way to prevent that is to use an encrypted filesystem of some
 //> sort.
 //> 
 //> Robert Simmons
 //> Systems Administrator
 //> http://www.wlcg.com/
 //> 
 //> On Mon, 14 May 2001, Eric Anderson wrote:
 //> 
 //> > If a user reboots their machine, goes into single user mode, and changes
 //> > the local root password (and adds their username into the wheel group of
 //> > course), then boots into multiuser mode, they can su to root, then su to
 //> > any NIS user they desire, and do malicious things as that user.  su'ing
 //> > from root to any other user never asks for a password, so login.conf
 //> > isn't used (right?)..
 //> -----BEGIN PGP SIGNATURE-----
 //> Version: GnuPG v1.0.5 (FreeBSD)
 //> Comment: For info see http://www.gnupg.org
 //> 
 //> iD8DBQE7AB2qv8Bofna59hYRA0ebAKCQ9R1wLoemlWAuEdplqcSMcY12IQCfVH0B
 //> 8SkJHNs8J3aEYZ8dk27La2k=
 //> =Qb9E
 //> -----END PGP SIGNATURE-----
 //> 
 //> 
 //> 
 //> To Unsubscribe: send mail to majordomo@FreeBSD.org
 //> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010515002124.A647>