Date: Tue, 11 Dec 2001 13:46:35 -0600 (CST)
From: Jon Mini <haikugeek@haikugeek.com>
To: Paul Richards <paul@freebsd-services.com>
Cc: John Baldwin <jhb@FreeBSD.ORG>, Wilko Bulte <wkb@freebie.xs4all.nl>,
    <cvs-committers@FreeBSD.ORG>, <cvs-all@FreeBSD.ORG>, <mini@haikugeek.com>,
    Alfred Perlstein <bright@mu.org>, Mike Silbersack <silby@silby.com>,
    Mike Barcroft <mike@FreeBSD.ORG>
Subject: Re: cvs commit: src/sys/boot/i386/loader version src/share/examp
Message-ID: <Pine.LNX.4.33.0112111344240.15609-100000@westhost36.westhost.net>
In-Reply-To: <Pine.LNX.4.33.0112111343040.15609-100000@westhost36.westhost.net>

On Tue, 11 Dec 2001, Jon Mini wrote:

> On Tue, 11 Dec 2001, Paul Richards wrote:
>
> > Would it be difficult to add some crypt functions to the loader so that the
> > root passwd can be checked against /etc/master.passwd? The secure console
> > protection can then be pulled forward to earlier in the boot process.
>
> No, that would be trivial. Writing the forth to parse /etc/passwd.master
> would be a little more annoying, but not much.
>

Though, it should be noted that if you're going to be totally secure, even
interrupting the boot process and leaving the system sitting at a password
prompt is a valid DOS attack on the system. Also, putting a rock on the
spacebar would probably do the trick as well.

The boot loader isn't even vaguely secure.. if we want a secure console,
then we should really just come up with a different method of booting. I've
never really believed in a secure console anyways.

--
Dizzy Cow (Jon Mini) dizzycow@haikugeek.com
... Desolation ... Despair ... Plastic Forks ...

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message