Date:      Mon, 2 Feb 1998 16:41:43 +0800 (WST)
From:      Adrian Chadd <adrian@obiwan.creative.net.au>
To:        "David E. Cross" <dec@phoenix.its.rpi.edu>
Cc:        Karl Pielorz <kpielorz@tdx.co.uk>, freebsd-questions@FreeBSD.ORG
Subject:   Re: FreeBSD boot banner (securing FreeBSD)
Message-ID:  <Pine.BSF.3.95q.980202164009.3484A-100000@obiwan.creative.net.au>
In-Reply-To: <Pine.BSF.3.96.980201165642.2916B-100000@phoenix.its.rpi.edu>

On Sun, 1 Feb 1998, David E. Cross wrote:

> Yes, this is what has already been done (BIOS password, with disabled
> floppy drive for booting), but this is useless, as the FreeBSD boot-block
> allows you to load the kernel from an arbitrary device (per the /boot.help
> file), a person just needs to have the install disk, and the fixit disk,
> when the machine comes up wait for the FreeBSD boot prompt, place the
> install disk in the drive, enter -fd(0,a)/kernel... and voilà, you have
> root on the system without ever cracking a screw on the case.

You could modify the biosboot source to *NOT* do that.
It wouldn't be terribly difficult to do.

Give me a yell if you want me to modify the boot blocks for a particular
release of FreeBSD to stop clever people changing the boot drive (changing
the kernel would be stupid.. since if you messed up, being able to boot
kernel.GENERIC is really good..)

Adrian

-- 
Adrian Chadd			|  "I used to be thin, handsome and smart.
<adrian@creative.net.au>	|    Then I discovered UNIX."
				|  





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.980202164009.3484A-100000>