From owner-freebsd-questions  Tue Dec  8 22:24:16 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id WAA08252
          for freebsd-questions-outgoing; Tue, 8 Dec 1998 22:24:16 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from Kitten.mcs.com (Kitten.mcs.com [192.160.127.90])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA08247
          for <questions@freebsd.org>; Tue, 8 Dec 1998 22:24:15 -0800 (PST)
          (envelope-from mikebo@Mars.mcs.net)
Received: from Mars.mcs.net (mikebo@Mars.mcs.net [192.160.127.85]) by Kitten.mcs.com (8.8.7/8.8.2) with ESMTP id AAA11921 for <questions@freebsd.org>; Wed, 9 Dec 1998 00:24:06 -0600 (CST)
Received: (from mikebo@localhost) by Mars.mcs.net (8.8.7/8.8.2) id AAA12484 for questions@freebsd.org; Wed, 9 Dec 1998 00:24:05 -0600 (CST)
From: Michael Borowiec <mikebo@Mcs.Net>
Message-Id: <199812090624.AAA12484@Mars.mcs.net>
Subject: Securing the FreeBSD console
To: questions@FreeBSD.ORG
Date: Wed, 9 Dec 1998 00:24:05 -0600 (CST)
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Greetings -
Just when I think I've got my FreeBSD console relatively secure with
xlock, someone else shows up with a new key combination to easily
circumvent it...

To prevent people from killing your X-Server with Ctrl-Alt-Backspace
requires a simple mod to /etc/XF86Config - NoZap. Covered...

To prevent rebooting your server with a Ctrl-Alt-Del requires
a kernel config change. Where is this documented?

Xlock is useless with the sc0 console driver, since typing Ctrl-Alt-F1
breaks out of graphics mode, back to the virtual terminal. Then one simply
does a Ctrl-C and they're in... How can this be disabled?

Anyone know of any other knuckle-head methods to break xlock?
(besides pulling the power cord out ;v)

Anyone know why FreeBSD ships with all these security holes enabled by
default? I checked the FreeBSD Security web page, and there was no mention
of any of these "features", or how to plug them. (Did I miss something?)

Any pointers would be welcome. Thanks!
Regards,
- Mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message