From owner-freebsd-arch@freebsd.org Mon Oct 19 18:51:13 2015 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1AB60A190A3 for ; Mon, 19 Oct 2015 18:51:13 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (gate2.funkthat.com [208.87.223.18]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "gold.funkthat.com", Issuer "gold.funkthat.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id EC9B01958; Mon, 19 Oct 2015 18:51:12 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (localhost [127.0.0.1]) by gold.funkthat.com (8.14.5/8.14.5) with ESMTP id t9JIpB2p008089 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 19 Oct 2015 11:51:11 -0700 (PDT) (envelope-from jmg@gold.funkthat.com) Received: (from jmg@localhost) by gold.funkthat.com (8.14.5/8.14.5/Submit) id t9JIpBAm008088; Mon, 19 Oct 2015 11:51:11 -0700 (PDT) (envelope-from jmg) Date: Mon, 19 Oct 2015 11:51:11 -0700 From: John-Mark Gurney To: Glen Barber Cc: freebsd-arch@freebsd.org Subject: Re: Enabling all available ttys if available console Message-ID: <20151019185111.GF65715@funkthat.com> References: <20151019171215.GX15305@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20151019171215.GX15305@FreeBSD.org> X-Operating-System: FreeBSD 9.1-PRERELEASE amd64 X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88 9322 9CB1 8F74 6D3F A396 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html X-TipJar: bitcoin:13Qmb6AeTgQecazTWph4XasEsP7nGRbAPE X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.5.21 (2010-09-15) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (gold.funkthat.com [127.0.0.1]); Mon, 19 Oct 2015 11:51:11 -0700 (PDT) X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Oct 2015 18:51:13 -0000 Glen Barber wrote this message on Mon, Oct 19, 2015 at 17:12 +0000: > For several months now, I have been contemplating enabling all active > ttys on the system by 1) changing the defaults from std.9600 to 3wire, > and 2) setting ttyu{0,1,2,3} from 'off' to 'onifconsole'. > > The only drawback to doing this that I can think of is it could open > a potential attack vector, however this would require physical access to > the system. > > The benefit to doing this is the system would be accessible via ttys > other than ttyu0 by default, which unless there is someone with local > access to the system, is painful for administrators to gain console > access remotely by default. > > Are there objections to changing the default, or have I missed something > larger in this proposed change? > > Thanks in advance. Please do this. -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."