Date:      Tue, 11 Dec 2001 19:57:09 -0000
From:      Paul Richards <paul@freebsd-services.com>
To:        John Baldwin <jhb@FreeBSD.org>
Cc:        Mike Barcroft <mike@FreeBSD.ORG>, Mike Silbersack <silby@silby.com>, Alfred Perlstein <bright@mu.org>, mini@haikugeek.com, cvs-all@FreeBSD.ORG, cvs-committers@FreeBSD.ORG, Wilko Bulte <wkb@freebie.xs4all.nl>
Subject:   Re: cvs commit: src/sys/boot/i386/loader version src/share/examp
Message-ID:  <889160000.1008100629@lobster.originative.co.uk>
In-Reply-To: <XFMail.011211114411.jhb@FreeBSD.org>
References:   <XFMail.011211114411.jhb@FreeBSD.org>

--On Tuesday, December 11, 2001 11:44:11 -0800 John Baldwin
<jhb@FreeBSD.org> wrote:

> 
> I think that the loader is not intended for secure sites, there are too
> many things you would have to do to plug holes, so IMO, just bypassing it
> is your best bet.  You don't want to have to enter the root password to
> boot the machine every time I wouldn't think.

That wasn't what I was thinking.

You'd have to enter the root password to make any changes, the loader
would happily boot straight through without the password otherwise. It'd
behave just like a secure console.

If I was trying to prevent people booting the machine in the first place
I'd use a BIOS passwd but the loader provides an opportunity for someone to
grab root just by power cycling the box and that seems like a hole that
needs to be plugged.

Paul Richards
FreeBSD Services Ltd
http://www.freebsd-services.com
