From owner-freebsd-arch@freebsd.org Mon Oct 19 17:12:17 2015 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EE792A18685 for ; Mon, 19 Oct 2015 17:12:17 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id DF427197D; Mon, 19 Oct 2015 17:12:17 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from FreeBSD.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by freefall.freebsd.org (Postfix) with ESMTP id 7E9FF165E; Mon, 19 Oct 2015 17:12:17 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Date: Mon, 19 Oct 2015 17:12:15 +0000 From: Glen Barber To: freebsd-arch@FreeBSD.org Subject: Enabling all available ttys if available console Message-ID: <20151019171215.GX15305@FreeBSD.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="rYRijwbmzeJBcrGE" Content-Disposition: inline X-Operating-System: FreeBSD 11.0-CURRENT amd64 X-SCUD-Definition: Sudden Completely Unexpected Dataloss X-SULE-Definition: Sudden Unexpected Learning Event X-PEKBAC-Definition: Problem Exists, Keyboard Between Admin/Computer User-Agent: Mutt/1.5.24 (2015-08-30) X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Oct 2015 17:12:18 -0000 --rYRijwbmzeJBcrGE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi, For several months now, I have been contemplating enabling all active ttys on the system by 1) changing the defaults from std.9600 to 3wire, and 2) setting ttyu{0,1,2,3} from 'off' to 'onifconsole'. The only drawback to doing this that I can think of is it could open a potential attack vector, however this would require physical access to the system. The benefit to doing this is the system would be accessible via ttys other than ttyu0 by default, which unless there is someone with local access to the system, is painful for administrators to gain console access remotely by default. Are there objections to changing the default, or have I missed something larger in this proposed change? Thanks in advance. Glen --rYRijwbmzeJBcrGE Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWJSRvAAoJEAMUWKVHj+KT3n0P/2137Diw4bKNfH2QWj2igAHP b+EX4obujvoCIJJ06SoOaJLj4mKKarxng4WqGl8rJ1tUiti4/RvkBb51hyawC9Al 3L27V1MrnGOjPGjRvVJk3uwphqabVOvXnfqrJtsrTiIYEpvc+m7nqeXJY2+ucAi2 ifZShR2fluJGrsaeJGVmXcC22XY6KZwp2sjtq9XAkewNewkfZpx7/ULBjyFuxG8/ GOoruZwbNTOlcG80gb3IyQEeM8+47kVEFch90h59EXn8+DDvMx+8/K/XCTspLgdS THCJiYmPAG5XW21VRqjwh3o7zEjvfQ+Thg3DDfY0dM0oylz0C/6zgUiu3I0WhhLS rZmxrL3UFoxhcekyOeMOpPrM/Yb/ftWLHgLT95TceW4/iLvW30XjuyEhHHcsmZBq TgMHx0vMGbTRJoG1MuM8vcHCB7AcuJEIGhv1B1HSIwk+0BU11u23OiHlQpXpsWim QC0wvf5mPHLBezm0rMB17SttQqzODkTDchwnKlEC1Aq1YE1bh4JmOevR5lALdjm4 LOXq9ZV9D1IwOiFobDgn8vRd39AIk+M41VJnOM6v57JJsrMn5CNFxxsbTiUikbrJ REwrLUqNZrpYUyTxRoUS7j39BsPV4VKre2u6hzSWnou4Rw5Wp5xQB20FTT+Ucipx gSl9ok8Hp7OqwaszC4+b =wOqR -----END PGP SIGNATURE----- --rYRijwbmzeJBcrGE--