From owner-freebsd-questions Tue Oct 24 4: 9:43 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from guru.mired.org (okc-27-149-77.mmcable.com [24.27.149.77]) by hub.freebsd.org (Postfix) with SMTP id 7D15137B479 for ; Tue, 24 Oct 2000 04:09:40 -0700 (PDT)
Received: (qmail 49257 invoked by uid 100); 24 Oct 2000 11:09:39 -0000
From: Mike Meyer
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14837.28147.463188.672602@guru.mired.org>
Date: Tue, 24 Oct 2000 06:09:39 -0500 (CDT)
To: Odhiambo Washington
Cc: questions@freebsd.org
Subject: Re: secure boot
In-Reply-To: <95783454@toto.iv>
X-Mailer: VM 6.75 under 21.1 (patch 10) "Capitol Reef" XEmacs Lucid
X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Odhiambo Washington writes:
> * Tim McMillen [20001023 16:49]:
> =>No. If somebody has physical access to your box they can do anything they
> =>want. Including wiping freebsd off your HD and installing windows.
> => For example you can mark the console as insecure so they have to
> =>have the superuser password. But all they have to do is have a boot
> =>floppy to get single user mode.

Um - just because they have physical access to the box doesn't mean they
can do anything they want. For instance, if it's sitting in a lab with a
bunch of other PCs and an employee monitoring the lab whenever it's open,
things like opening the box and installing new hardware aren't feasible.

> Hey, just wondered if a boot floppy is really necessary...if they cold
> boot and choose single user mode at the prompt...is there a way of
> stopping/preventing that??? So that even booting into SUM requires the
> root passwd...

You can protect against the boot floppy. Most modern BIOSes have boot
options that force the boot from HD first, and you can password the BIOS
options to prevent that from being changed. So it is possible to arrange
the rest of the world so that a single-user boot is the easiest
vulnerability to exploit even with physical access to the machine. Under
those conditions, wanting to make that harder to exploit is a perfectly
reasonable thing to want to do.

You can disable single-user boot mode. Read through the docs on
loader(8), loader.conf(5) and loader.4th(8). Having one of them boot
instead of defaulting to autoboot would skip the "Hit Enter to ..." step.

However, the better solution is to edit /etc/ttys, marking the console as
"insecure" instead of "secure". /etc/init will then insist that you
correctly enter the root password before giving you a single user shell.
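As an added example (not part of this thread), a small sh script that audits a copy of /etc/ttys for the security flag on the console entry and emits a hardened copy with that entry set to "insecure", which is the change the reply above recommends. The ttys contents are constructed in the FreeBSD 4.x layout; the function names are mine.

```shell
#!/bin/sh
# Added example: audit and harden the "console" line of an /etc/ttys file so
# that init(8) demands the root password before handing out a single-user
# shell.  Operates on a constructed copy, never on the live /etc/ttys.

# Print the security flag ("secure", "insecure" or "unknown") of the console
# line in the ttys file given as $1.  The getty field may be quoted and
# contain spaces, so the flag is matched as a whole word on the line rather
# than by field position.  "insecure" is tested first because it contains
# "secure" as a substring.
console_security() {
    awk '$1 == "console" {
        if ($0 ~ /[ \t]insecure([ \t]|$)/)      print "insecure"
        else if ($0 ~ /[ \t]secure([ \t]|$)/)   print "secure"
        else                                     print "unknown"
        exit
    }' "$1"
}

# Emit a copy of the ttys file ($1) with the console entry flipped from
# "secure" to "insecure"; every other line is passed through untouched.
# After reviewing the output and installing it as /etc/ttys, "kill -HUP 1"
# makes init(8) reread the file.
harden_console() {
    awk '$1 == "console" {
        for (i = 2; i <= NF; i++) if ($i == "secure") $i = "insecure"
    } { print }' "$1"
}

# Constructed sample (not a real system's file), default-style entries.
SAMPLE_TTYS=$(mktemp)
HARDENED_TTYS=$(mktemp)
trap 'rm -f "$SAMPLE_TTYS" "$HARDENED_TTYS"' EXIT
cat > "$SAMPLE_TTYS" <<'EOF'
# name  getty                           type    status  comments
console none                            unknown off     secure
ttyv0   "/usr/libexec/getty Pc"         cons25  on      secure
ttyv1   "/usr/libexec/getty Pc"         cons25  on      secure
ttyd0   "/usr/libexec/getty std.9600"   dialup  off     secure
EOF

echo "before: console is $(console_security "$SAMPLE_TTYS")"
harden_console "$SAMPLE_TTYS" > "$HARDENED_TTYS"
echo "after:  console is $(console_security "$HARDENED_TTYS")"
```

Only the console entry controls the single-user password prompt; the ttyv* lines are left "secure" on purpose, which the script preserves.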