From owner-freebsd-questions Mon Feb 2 00:42:42 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA25393 for questions-outgoing; Mon, 2 Feb 1998 00:42:42 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from obiwan.creative.net.au (obiwan.creative.net.au [203.56.168.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA25388 for ; Mon, 2 Feb 1998 00:42:36 -0800 (PST) (envelope-from adrian@obiwan.creative.net.au) Received: from localhost (adrian@localhost) by obiwan.creative.net.au (8.8.8/8.8.5) with SMTP id QAA03503; Mon, 2 Feb 1998 16:41:43 +0800 (WST) Date: Mon, 2 Feb 1998 16:41:43 +0800 (WST) From: Adrian Chadd To: "David E. Cross" cc: Karl Pielorz , freebsd-questions@FreeBSD.ORG Subject: Re: FreeBSD boot banner (securing FreeBSD) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG X-To-Unsubscribe: mail to majordomo@FreeBSD.org "unsubscribe questions" On Sun, 1 Feb 1998, David E. Cross wrote: > Yes, this is what has already beeen done (BIOS password, with disabled > floppy drive for booting), but this is uselesss, as The FreeBSD boot-block > allows you to load the kernel from an arbitrary device (per the /boot.help > file), a person just need to have the install disk, and the fixit disk, > when the machinne comes up wait for the FreeBSD boot prompt, place the > install disk in the drive, enter -fd(0,a)/kernel... and viola, you have > root on the system without ever cracking a screw on the case. You could modify the biosboot source to *NOT* do that. It wouldn't be terribly difficult to do. Give me a yell if you want me to modify the boot blocks for a particular release of FreeBSD to stop clever people changing the boot drive (changing the kernel would be stupid.. since if you messed up, being able to boot kernel.GENERIC is really good..) Adrian -- Adrian Chadd | "I used to be thin, handsome and smart. | Then I discovered UNIX." |