From owner-freebsd-security Mon May 14 15:54:38 2001 Delivered-To: freebsd-security@freebsd.org Received: from mailc.telia.com (mailc.telia.com [194.22.190.4]) by hub.freebsd.org (Postfix) with ESMTP id 0BE8A37B422 for ; Mon, 14 May 2001 15:54:35 -0700 (PDT) (envelope-from ertr1013@student.uu.se) Received: from d1o913.telia.com (d1o913.telia.com [195.252.44.241]) by mailc.telia.com (8.11.2/8.11.0) with ESMTP id f4EMsXQ18885 for ; Tue, 15 May 2001 00:54:33 +0200 (CEST) Received: from ertr1013.student.uu.se (h185n2fls20o913.telia.com [212.181.163.185]) by d1o913.telia.com (8.8.8/8.8.8) with SMTP id AAA21512 for ; Tue, 15 May 2001 00:54:33 +0200 (CEST) Received: (qmail 40415 invoked by uid 1001); 14 May 2001 22:54:31 -0000 Date: Tue, 15 May 2001 00:54:31 +0200 From: Erik Trulsson To: freebsd-security@FreeBSD.ORG Subject: Re: nfs mounts / su / yp Message-ID: <20010515005431.A40399@student.uu.se> Mail-Followup-To: freebsd-security@FreeBSD.ORG References: <3B0015E5.2E1AED1B@centtech.com> <20010515002124.A647@dude.dsl.ru.ac.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010515002124.A647@dude.dsl.ru.ac.za>; from dom@dude.dsl.ru.ac.za on Tue, May 15, 2001 at 12:21:24AM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, May 15, 2001 at 12:21:24AM +0200, Dominic Parry wrote: > > Just a thought, you could in your bios set password and then boot only of > the hdd. That way no one could boot of a stiffy etc. Yes, they could. Assuming they can open the case they could either reset the BIOS password (almost all mobo have some jumper or similar that can be used to reset the password), or they could just connect their own hdd and boot from that. It is quite a bit more work and would probably stop those who are merely driven by idle curiosity. Stopping a determined and knowledgeable person who have physical access to the computer from getting root access ranges from difficult to nearly impossible. > > On Mon 2001-05-14 (14:02), Rob Simmons wrote: > //> -----BEGIN PGP SIGNED MESSAGE----- > //> Hash: RIPEMD160 > //> > //> You could set the console to insecure in /etc/ttys. That way single user > //> mode will ask for the root password. You still can't prevent someone from > //> booting with their own floppy disk and making changes that way. I think > //> the only way to prevent that is to use an encrypted filesystem of some > //> sort. > //> -- Erik Trulsson ertr1013@student.uu.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message