Date: Tue, 29 Feb 2000 09:59:02 +1030
From: Mark Newton
To: Zhihui Zhang
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Building customized kernel without root passwd
Message-ID: <20000229095902.A73142@internode.com.au>
X-PGP-Key: http://www.on.net/~newton/pgpkey.txt

On Mon, Feb 28, 2000 at 03:58:00PM -0500, Zhihui Zhang wrote:

> My professor plans to use FreeBSD for teaching purpose. We will allow
> students to build their kernel but do not want to give them root password.
> So it's better to find a way to let students build kernel under their own
> account, save the kernel on a floppy and then boot from the floppy.

How is this going to buy you anything? Once they've done that, they'll have root on the floppy-booted system, and they'll be able to mount the system's hard disk and change the root password to anything they want.

If your students have physical access to the console of a system, the system is not secure. Doubly so if they have access to removable media (like floppy disks).

You'd be better off firewalling the lab on the assumption that they *will* have root, in an effort to constrain the damage they can do if they misbehave, then just give them the root password so they won't have to dick around with floppies anymore.

    - mark

--
Mark Newton                               Email:  newton@internode.com.au (W)
Network Engineer                          Email:  newton@atdot.dotat.org  (H)
Internode Systems Pty Ltd                 Desk:   +61-8-82232999
"Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223