From owner-freebsd-questions Tue Apr 4 5:54:23 2000 Delivered-To: freebsd-questions@freebsd.org Received: from relay.ucb.crimea.ua (relay.ucb.crimea.ua [212.110.138.1]) by hub.freebsd.org (Postfix) with ESMTP id 17B5337B8AD for ; Tue, 4 Apr 2000 05:53:56 -0700 (PDT) (envelope-from ru@ucb.crimea.ua) Received: (from ru@localhost) by relay.ucb.crimea.ua (8.9.3/8.9.3/UCB) id PAA73383 for freebsd-questions@FreeBSD.ORG; Tue, 4 Apr 2000 15:53:59 +0300 (EEST) (envelope-from ru) Date: Tue, 4 Apr 2000 15:53:59 +0300 From: Ruslan Ermilov To: freebsd-questions@FreeBSD.ORG Subject: Re: Disable boot -s Message-ID: <20000404155359.A71975@relay.ucb.crimea.ua> Mail-Followup-To: freebsd-questions@FreeBSD.ORG References: <86962.954843435@axl.ops.uunet.co.za> <38E9E3E8.359C0F6@sterling.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.3i In-Reply-To: <38E9E3E8.359C0F6@sterling.com>; from Alan Edmonds on Tue, Apr 04, 2000 at 07:45:28AM -0500 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, Apr 04, 2000 at 07:45:28AM -0500, Alan Edmonds wrote: > Sheldon Hearn wrote: > > > > On Tue, 04 Apr 2000 12:18:13 GMT, Andrew wrote: > > > > > I have FreeBSD mail server in my organisation. It located in room > > > with no lock, with free access to the PC's monitor for all. This is my > > > workbench. > > > > > > I'm afraid that anyone, who knows about boot -s, may reboot the > > > machine and makes me cry. > > > > Okay, I take back my previous advice. Although what I told you about > > flagging the console as insecure was sound advice in some circumstances, > > it's just going to lead you into a false sense of security in this case. > > > > Anyone who knows about boot -s probably also knows how to create boot > > floppies. Getting into your PC won't be very difficult. > > > > Removing the floppy drive from your box may help, provided that you have > > some way of ensuring that nobody opens the box up with a screwdriver or > > saw. > > I'm not sure if it was on this list, but one security conscious person > would leave the floppy drive installed, but install it facing into > the case. That way he could remove the system cover if he needed > access to the floppy and didn't have to carry around an extra floppy > drive. As I recall, this was in a classroom situation and he wanted > to prevent students from stealing software and data from the PCs. > > I apologize if I got the details wrong and for forgetting who > originally posted this. > Or just set the BIOS to boot from the hard drive first. -- Ruslan Ermilov Sysadmin and DBA of the ru@ucb.crimea.ua United Commercial Bank, ru@FreeBSD.org FreeBSD committer, +380.652.247.647 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message