From owner-freebsd-arch@freebsd.org Mon Oct 19 21:00:37 2015 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ABB73A19068 for ; Mon, 19 Oct 2015 21:00:37 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 9A0B26E4; Mon, 19 Oct 2015 21:00:37 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from FreeBSD.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by freefall.freebsd.org (Postfix) with ESMTP id D9AB01A71; Mon, 19 Oct 2015 21:00:36 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Date: Mon, 19 Oct 2015 21:00:35 +0000 From: Glen Barber To: freebsd-arch@FreeBSD.org Subject: Re: Enabling all available ttys if available console Message-ID: <20151019210035.GB15569@FreeBSD.org> References: <20151019171215.GX15305@FreeBSD.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="s2ZSL+KKDSLx8OML" Content-Disposition: inline In-Reply-To: <20151019171215.GX15305@FreeBSD.org> X-Operating-System: FreeBSD 11.0-CURRENT amd64 X-SCUD-Definition: Sudden Completely Unexpected Dataloss X-SULE-Definition: Sudden Unexpected Learning Event X-PEKBAC-Definition: Problem Exists, Keyboard Between Admin/Computer User-Agent: Mutt/1.5.24 (2015-08-30) X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Oct 2015 21:00:37 -0000 --s2ZSL+KKDSLx8OML Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 19, 2015 at 05:12:15PM +0000, Glen Barber wrote: > For several months now, I have been contemplating enabling all active > ttys on the system by 1) changing the defaults from std.9600 to 3wire, > and 2) setting ttyu{0,1,2,3} from 'off' to 'onifconsole'. >=20 > The only drawback to doing this that I can think of is it could open > a potential attack vector, however this would require physical access to > the system. >=20 > The benefit to doing this is the system would be accessible via ttys > other than ttyu0 by default, which unless there is someone with local > access to the system, is painful for administrators to gain console > access remotely by default. >=20 > Are there objections to changing the default, or have I missed something > larger in this proposed change? >=20 Based on the replies so far, unless there are no objections by tomorrow, I'll commit the change. Thanks to everyone who replied. Glen --s2ZSL+KKDSLx8OML Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWJVnyAAoJEAMUWKVHj+KTM6EP/i2laUNf1kzjCueIpZHCiSq5 hOqbr2JoITVOV4exXSiUZ0SkIqRa0PDiP/yj8f2eWi0cs2h8VTpTNT+XefD+g1NL MIvBCJ7n4zoj397FM5LXGtnTVHoUN+k/x8meBZJ1VnkY3ECWE2kiXX4vjQu+b7bk 4aA3I0vUxrXT/2iF8PNXnwwnaeIhwOmUHyKiBRuwU0868hZCfSQimUIWpsnVgaTh CojBf8X2r/1+wZwPMLSlWBdWRapz7+rCtLbpJIsM/9/KheTl87p/ip3KzhlJlTRi 1ely0zHdJ23j2vXx8y56qlPI3jXpQ/vil/hyIRm/KDJD+5vFaxOpoXEZ5G0VUmDY Qwjq+MRzpOjXcpO6/RumhhomWS2fmeaJb9ri4pk0OiEEGUGcR70/apX8YdWI24t7 E2opm5JN59BklhWVreHLeWbQOOwi0QI+hc9qUr3QrxSqJk3T1S+NXwU+kBZnR5dD OlUTxhmivjhF7/TkME6VM4JV0wcp4TJK1EeSopMKMlmAs8c/6mWthCplM/X+1dEC KLG2g+YZ2xv6WFYuGIb4/RKkke35sowltuXQBkimgy0VwtQgmjulfr1eNYVvykr9 iiDs9L8vH28IE0/1JpX1sWSdbQ3hlxEdEMtX0X2YxEdwvqWqR3wi25RwsV5Lz+au utPZA/NRsOBTaTAcJghT =bJeY -----END PGP SIGNATURE----- --s2ZSL+KKDSLx8OML--