Date: Mon, 04 Jan 1999 10:58:55 -0800 From: Mike Smith <mike@smith.net.au> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, Tom Bartol <bartol@salk.edu>, current@FreeBSD.ORG Subject: Re: New boot blocks for serial console ... Message-ID: <199901041858.KAA14013@dingo.cdrom.com> In-Reply-To: Your message of "Mon, 04 Jan 1999 19:38:46 %2B0100." <14874.915475126@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
> In message <38397.915473345@zippy.cdrom.com>, "Jordan K. Hubbard" writes: > >> Not at all. Ever heard of a padlock? > > > >Give me physical access to your machine, with or without a padlock, > >and I'll have root on that baby before you have a chance to come back > >from lunch. > > > >I think the original comment that there's no security without physical > >security has definite merit. The NSA learned this decades ago! :) > > Uhm, well there is, but it is called "tamper-proof hardware" and costs > a fortune. It's not "tamper-proof", it's "tamper-resistant", and I can suggest a wide range of "tampering" hardware that it won't stand up to for long. But Garrett's point is actually quite valid; there's a fairly wide gap between "I will just fiddle with the console" and "I will walk into the server room with a pair of bolt cutters", and all that's required to close that gap is changing boot2 to not wait that couple of seconds before launching the loader, or to ignore the keyboard while it is. The latter would actually be easier, given its current design; add a '-X' option to /boot.config to disable the keyboard. Diffs happily accepted. -- \\ Sometimes you're ahead, \\ Mike Smith \\ sometimes you're behind. \\ mike@smith.net.au \\ The race is long, and in the \\ msmith@freebsd.org \\ end it's only with yourself. \\ msmith@cdrom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901041858.KAA14013>