Message-Id: <199812091814.NAA02106@laker.net>
From: "Steve Friedrich"
To: "Michael Borowiec"
Cc: "questions@FreeBSD.ORG"
Date: Wed, 09 Dec 1998 13:08:59 -0500
Reply-To: "Steve Friedrich"
Subject: Re: Securing the FreeBSD console

On Wed, 9 Dec 1998 11:34:00 -0600 (CST), Michael Borowiec wrote:

>> Just my two cents...
>> I think it's funny your people are *horrified* by this situation, yet
>> they have implemented absolutely NO physical security at all. This is
>> really quite absurd, because NO PC is secure if I have physical access.
>>
>First of all, in larger companies, development engineers are rarely
>responsible for plant security - and the plant security people are not
>responsible for computer security. So it falls to the UNIX admin...
>It's still a problem, even though you think it's absurd.

Yes, it's a problem. It's a MANAGEMENT problem that management has NOT dealt with. They SHOULD. Otherwise, any changes to xlock or the docs are for naught!!

>Of course, physical access is everything. That's fundamental... However,
>xlock is SUPPOSED to provide a modicum of security. Otherwise it's just a
>screen saver, and then what's the point of it requiring a password?!

But, as has been pointed out, xlock is not FreeBSD specific, nor is XFree86. The issues you raise, while mostly valid, do not fall under a single vendor. There's no company making billions of dollars, employing people to respond to your every need. You could, however, PAY someone to plug all these holes and burn a CD... Or, you could just plug 'em yourself, for FREE...

>My point is simply this: If xlock will not provide the security that
>reasonable people have come to expect, due to keyboard escapes in
>underlying systems, those HOLES should be documented. Not a lot to ask...

Well, if it's not a lot to ask, why don't you step forward and commit some of your leisure time (or company time if they're willing) and document these *holes*? Some people create their own CDs as well. You could plug these holes, burn a CD, and then offer the fruits of your labor to the entire world for free!!

I agree that these *holes* should be documented, though not in all caps as you suggested. I don't think these *holes* should be plugged by default, because most hobbyists have far less unix/hardware/computer knowledge than those of us who use FreeBSD in a professional environment. I do think your people are overreacting.

We get people on this list occasionally complaining or demanding support as if this was a product they paid a lot of money for. It's free, damn it. If you can get a product for free, aren't you willing to *discover* any misfeatures and solve them yourself? Or turn to the list for support, like you have? You DID find the *holes*, and you did get answers pretty quick (a lot faster than if you called Microsuk's 900 number).

I'm probably on your side, but I believe some of your people are looking for excuses to pull the rug...

If computers WERE appliances, we wouldn't need System Admins. That day may come, but I doubt it will be in MY lifetime.

My opinions are my own. I speak for no one else.
Unix systems measure "uptime" in years, Winblows measures it in minutes.