Date: Mon, 12 Jun 2000 12:10:11 +0200 From: Marc Silver <marcs@draenor.org> To: Alexandru Popa <razor@ldc.ro> Cc: freebsd-questions@freebsd.org Subject: Re: Securing bootup procedure on a public physical access machine Message-ID: <20000612121011.J81376@draenor.org> In-Reply-To: <20000612130418.A18033@ldc.ro>; from razor@ldc.ro on Mon, Jun 12, 2000 at 01:04:18PM %2B0300 References: <20000612130418.A18033@ldc.ro>
next in thread | previous in thread | raw e-mail | index | archive | help
Take a look at /etc/ttys # If console is marked "insecure", then init will ask for the root # password when going to single-user mode. console none unknown off secure :) Cheers, Marc On Mon, Jun 12, 2000 at 01:04:18PM +0300, Alexandru Popa wrote: > Is it possible to "secure" the bootup procedure so that a computer that is > located in a public place cannot be "rooted" by just specifying single-user > mode bootup? > > I am using FreeBSD 4.0-RELEASE (I will update to -stable soon), on an > entirely-FreeBSD disk (no fdisk type partitions, aka "dangerously > dedicated"). > > I know about the password mechanism in /boot/, but as I understand the > three-phase bootup procedure, it is possible to convnice first the MBR block > to boot from a floppy, then the boot manager, or it is possible to fool the > second-stage boot manager to load another third-stage boot manager. > > Please correct me if I am wrong, or give suggestions so I can trust that > machine. > > Note that I am not subscribed to -questions, so please cc me on the answer. > > Thanks a lot, > Alex. > > ------------+------------------------------------------ > Alex Popa, |There never was a good war or a bad peace > razor@ldc.ro| -- B. Franklin > ------------+------------------------------------------ > "It took the computing power of three C-64s to fly to the Moon. > It takes a 486 to run Windows 95. Something is wrong here." > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message -- Lovers don't finally meet somewhere, They're in each other all along... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000612121011.J81376>