Date: Tue, 11 Dec 2001 13:02:19 -0700 From: Nate Williams <nate@yogotech.com> To: John Baldwin <jhb@FreeBSD.org> Cc: Paul Richards <paul@freebsd-services.com>, Wilko Bulte <wkb@freebie.xs4all.nl>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, mini@haikugeek.com, Alfred Perlstein <bright@mu.org>, Mike Silbersack <silby@silby.com>, Mike Barcroft <mike@FreeBSD.org> Subject: Re: cvs commit: src/sys/boot/i386/loader version src/share/examp Message-ID: <15382.26187.453320.35053@caddis.yogotech.com> In-Reply-To: <XFMail.011211112119.jhb@FreeBSD.org> References: <868210000.1008098113@lobster.originative.co.uk> <XFMail.011211112119.jhb@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> It has that, but it's simple. You didn't read my earlier message though where > I detailed what we _did_ do for my lab at school. We didn't use the loader at > all, instead we hacked (it was a small hack, and an #ifdef for it could be > made) boot2 to not accept user input and to boot the kernel directly. FWIW, this is what I did when I setup a lab full of insecure PC's. I simply created a custom boot loader that ignored user input. This was the best way I could think of to make the boxes secure. (That and forcing the box to boot from hard-disk first.) Since I knew the password, I could change the boot order, then stick in a floppy to do recovery. Yes, it was a pain, but security doesn't come w/out costs. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15382.26187.453320.35053>