Date: 01 Nov 2000 09:19:05 -0500 From: Lowell Gilbert <lowell@world.std.com> To: freebsd-chat@freebsd.org Cc: rino@altayer.com, andyf@speednet.com.au Subject: Re: Securing boot -s and disabling CNTRL-ALT-DEL... Message-ID: <447l6nzsfa.fsf@lowellg.ne.mediaone.net> In-Reply-To: rino@altayer.com's message of "1 Nov 2000 14:55:15 %2B0100" References: <2C9DB6D1616E784BB788F1CBAD33A2F3F523@EXCHANGE1.atg.altayer.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Andy Farkas said: > You are probably right. I've always thought it odd that you can walk up > to a Unix (aka FreeBSD) console and press <ctrl-alt-del> and have it > reboot! Perhaps the default condition should be to ignore it? > > It is too late to lobby this "feature" for FreeBSD 4.2-RELEASE. Perhaps > for 5.0? rino@altayer.com (Rino Mardo) replied: > I agree it's too late. It should be in FreeBSD 5.x when it comes out. This has been discussed lots of times on lots of FreeBSD lists (which is why I replied to -chat instead of -questions), but this is probably a bad idea. There are *very* few cases where disabling the ctrl-alt-del reboot would improve security. Basically, you have to have good enough physical security to keep people from kicking out power cords, but not good enough to keep untrusted people from sitting down at the keyboards. Such cases exist -- public terminal rooms in schools come to mind -- but they are all situations where a default install won't really have done the job anywy. Meanwhile, the reboot saves a lot of pain on initial installs. FreeBSD's defaults should be as secure as possible from *external* attack, but I think it's reasonable for the install defaults to assume that the hardware is reasonably secure. I understand that we have added "security profiles" in the install, which should allow us to have it both ways, so even if you disagree with my argument about the general usefulness of this option, there's no reason for your approach to affect the typical user. - Lowell To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?447l6nzsfa.fsf>