From owner-freebsd-questions Wed Dec 9 10:01:15 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA08339 for freebsd-questions-outgoing; Wed, 9 Dec 1998 10:01:15 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from bytor.rush.net (bytor.rush.net [209.45.245.145]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA08329 for ; Wed, 9 Dec 1998 10:01:13 -0800 (PST) (envelope-from lynch@rush.net) Received: from localhost (lynch@localhost) by bytor.rush.net (8.9.1/8.8.8) with ESMTP id NAA19833; Wed, 9 Dec 1998 13:00:51 -0500 (EST) (envelope-from lynch@rush.net) Date: Wed, 9 Dec 1998 13:00:51 -0500 (EST) From: Pat Lynch To: Steve Friedrich cc: Gregory Sutter , Michael Borowiec , "questions@FreeBSD.ORG" Subject: Re: Securing the FreeBSD console In-Reply-To: <199812091715.MAA32666@laker.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Agreed, even with a "commercial OS" I can always powercycle the machine and boot off other media to mount the root partition, blank out the root password and get in. *Time to lock the labs*, hello? McFly? -P ___________________________________________________________________________ Pat Lynch lynch@rush.net Systems Administrator Rush Networking ___________________________________________________________________________ On Wed, 9 Dec 1998, Steve Friedrich wrote: > On Wed, 9 Dec 1998 10:50:07 -0600 (CST), Michael Borowiec wrote: > > >Just FYI... I'm introducing FreeBSD at work, a 1000-seat engineering > >environment, where people share offices and labs that don't lock. > >Most of the UNIX folk in my environment were horrified by these defaults - > >but moreso by the lack of documentation pointing them out. It was even > >suggested the OS not be used at all, for fear that (1) the FreeBSD team > >either doesn't understand, or doesn't take commercial security concerns > >seriously, and (2) that there are probably many more undocumented actions > >in a "hobbyist (read TOY) OS" that could be exploited to gain fast access. > > Just my two cents... > I think it's funny your people are *horrified* by this situation, yet > they have implemented absolutely NO physical security at all. This is > really quite absurd, because NO PC is secure if I have physical access. > > > Unix systems measure "uptime" in years, Winblows measures it in minutes. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message