From owner-freebsd-security Mon Jul 3 1:53:53 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ldc.ro (ldc-gw.pub.ro [192.129.3.227])
    by hub.freebsd.org (Postfix) with SMTP id 449BE37B80A
    for ; Mon, 3 Jul 2000 01:53:40 -0700 (PDT)
    (envelope-from razor@ldc.ro)
Received: (qmail 425 invoked by uid 666); 3 Jul 2000 08:53:21 -0000
Date: Mon, 3 Jul 2000 11:53:21 +0300
From: Alex Popa
To: freebsd-security@freebsd.org
Subject: securing the boot process (again?!?)
Message-ID: <20000703115320.A341@ldc.ro>
Reply-To: razor-bsd-security@ldc.ro
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have been trying to secure (a bit) the boot process of a 4.0-STABLE
machine that is located in a public place. I need to use the floppy
disk, but if I disable it from the BIOS I get no access to it under
FreeBSD. So I set the boot sequence to "C only", but if I press space
while the initial hyphen is displayed I get a prompt with no password
being requested. (Note I have set a password in /boot/loader.conf, and
set the console to "insecure" in /etc/ttys.)

The problem is I can boot any kernel or loader, including a kernel off
the floppy drive [just type fd(0,a)/evilkernel at the prompt]. From
there to a setuid(12345) that yields uid=0 (patched kernel, remember?)
is just a small step.

Any ideas for further improvement of the boot process security?

Note: I have used the "Dangerously dedicated" option when installing.

Thanks a lot,
Alex.

------------+------------------------------------------
Alex Popa,  |There never was a good war or a bad peace
razor@ldc.ro|     -- B. Franklin
------------+------------------------------------------
"It took the computing power of three C-64s to fly to the Moon.
It takes a 486 to run Windows 95. Something is wrong here."