Date: Wed, 09 Dec 1998 13:08:59 -0500 From: "Steve Friedrich" <SteveFriedrich@Hot-Shot.com> To: "Michael Borowiec" <mikebo@Mcs.Net> Cc: "questions@FreeBSD.ORG" <questions@FreeBSD.ORG> Subject: Re: Securing the FreeBSD console Message-ID: <199812091814.NAA02106@laker.net>
next in thread | raw e-mail | index | archive | help
On Wed, 9 Dec 1998 11:34:00 -0600 (CST), Michael Borowiec wrote: >> Just my two cents... >> I think it's funny your people are *horrified* by this situation, yet >> they have implemented absolutely NO physical security at all. This is >> really quite absurd, because NO PC is secure if I have physical access. >> >First of all, in larger companies, development engineers are rarely >responsible for plant security - and the plant security people are not >responsible for computer security. So it falls to the UNIX admin... >It's still a problem, even though you think it's absurd. Yes, it's a problem. It's a MANAGEMENT problem that management has NOTdealt with. They SHOULD. Otherwise, any changes to xlock or the docs is for naught!! >Of course, physical access is everything. That's fundamental... However, >xlock is SUPPOSED to provide a modicum of security. Otherwise it's just a >screen saver, and then what's the point of it requiring a password?! But, as has been pointed out, xlock is not FreeBSD specific, nor is XFree86. The issues you raise, while mostly valid, do not fall under a single vendor. There's no company making billions of dollars, employing people to respond to your every need. You could, however, PAY someone to plug all these holes and burn a CD... Or, you could just plug 'em yourself, for FREE... >My point is simply this: If xlock will not provide the security that >reasonable people have come to expect, due to keyboard escapes in >underlying systems, those HOLES should be documented. Not a lot to ask... Well, if it's not a lot to ask, why don't you step forward and commit some of your leisure time (or company time if they're willing) and document these *holes*? Some people create their own CDs as well. You could plug these holes, burn a CD, and then offer the fruits of your labor to the entire world for free!! I agree that these *holes* should be documented, though not in all caps as you suggested. I don't think these *holes* should be plugged by default, because most hobbyists have far less unix/hardware/computer knowledge than those of us who use FreeBSD in a professional environment. I do think your people are overreacting. We get people on this list occasionally complaining or demanding support as if this was a product they paid a lot of money for. It's free, damn it. If you can get a product for free, aren't you willing to *discover* any misfeatures and solve them yourself ? Or turn to the list for support, like you have? You DID find the *holes*, and you did get answers pretty quick (a lot faster than if you called Microsuk's 900 number). I'm probably on your side, but I believe some of your people are looking for excuses to pull the rug... If computers WERE appliances, we wouldn't need System Admins. That day may come, but I doubt it will be in MY lifetime. My opinions are my own. I speak for no one else. Unix systems measure "uptime" in years, Winblows measures it in minutes. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812091814.NAA02106>