From owner-freebsd-questions Wed Dec 9 09:46:35 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA06589 for freebsd-questions-outgoing; Wed, 9 Dec 1998 09:46:35 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from bytor.rush.net (bytor.rush.net [209.45.245.145]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA06579 for ; Wed, 9 Dec 1998 09:46:31 -0800 (PST) (envelope-from lynch@rush.net) Received: from localhost (lynch@localhost) by bytor.rush.net (8.9.1/8.8.8) with ESMTP id MAA19729; Wed, 9 Dec 1998 12:46:14 -0500 (EST) (envelope-from lynch@rush.net) Date: Wed, 9 Dec 1998 12:46:14 -0500 (EST) From: Pat Lynch To: Michael Borowiec cc: questions@FreeBSD.ORG Subject: Re: Securing the FreeBSD console In-Reply-To: <199812090624.AAA12484@Mars.mcs.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Lets face it, if someone has access to the physical machine, then they have access to the machine... I think any attempt at locking a screen usually is not an improvement... I xloxk my machines, but its more of a habit to keep the cluebies from getting on it, I seriously doubt that xlock would keep the ones with clue out. -P ___________________________________________________________________________ Pat Lynch lynch@rush.net Systems Administrator Rush Networking ___________________________________________________________________________ On Wed, 9 Dec 1998, Michael Borowiec wrote: > Greetings - > Just when I think I've got my FreeBSD console relatively secure with > xlock, someone else shows up with a new key combination to easily > circumvent it... > > To prevent people from killing your X-Server with Ctrl-Alt-Backspace > requires a simple mod to /etc/XF86Config - NoZap. Covered... > > To prevent rebooting your server with a Ctrl-Alt-Del requires > a kernel config change. Where is this documented? > > Xlock is useless with the sc0 console driver, since typing Ctrl-Alt-F1 > breaks out of graphics mode, back to the virtual terminal. Then one simply > does a Ctrl-C and they're in... How can this be disabled? > > Anyone know of any other knuckle-head methods to break xlock? > (besides pulling the power cord out ;v) > > Anyone know why FreeBSD ships with all these security holes enabled by > default? I checked the FreeBSD Security web page, and there was no mention > of any of these "features", or how to plug them. (Did I miss something?) > > Any pointers would be welcome. Thanks! > Regards, > - Mike > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message