From owner-freebsd-questions@FreeBSD.ORG Tue Mar 3 14:02:15 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 473B2FC2 for ; Tue, 3 Mar 2015 14:02:15 +0000 (UTC) Received: from mail-yh0-x233.google.com (mail-yh0-x233.google.com [IPv6:2607:f8b0:4002:c01::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0673BF55 for ; Tue, 3 Mar 2015 14:02:14 +0000 (UTC) Received: by yhoa41 with SMTP id a41so18300123yho.9 for ; Tue, 03 Mar 2015 06:02:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=MpK/HLfLrXHPdAZ+O/Td2+dLxto2Xidaa7v0EeaPuyo=; b=SNXvEGuIHnglSY8TSlUz1+wIX723g5DaUMbx2EwH+DslkrQowqtjqd4z5BWoiHnp7p +RgtBL2MSt/6GyFxDRtMUjZObS5emlnC3gbcLzV7GUnLYr69582smYOQV8xD8Wejdonr z55lT8kg0N7t8zPI1NEUTcBdOJPV6WQamXDB6E/DDjMmxV3q2kFRJnDQwS8udMBBhXm3 BUae3HZCnUFeW2IUxduhcXkuMiN7g169fQsGqRmaMGtCxL2lmJe84FzrfyaTLUVUSru1 DUzG9cUyMNFIMW9Ae7GNtvaFPZxUdIk0ikZBJWfEqdmJp6Pmh1/P/DGh16FjzvCbGzZ4 yO1A== MIME-Version: 1.0 X-Received: by 10.236.228.2 with SMTP id e2mr30462664yhq.122.1425391334015; Tue, 03 Mar 2015 06:02:14 -0800 (PST) Received: by 10.170.60.85 with HTTP; Tue, 3 Mar 2015 06:02:13 -0800 (PST) In-Reply-To: <20150303141633.c38bdc7b.freebsd@edvax.de> References: <54F56A83.3000404@gmail.com> <54F57CD9.2000707@gmail.com> <54F5AF25.7000303@qeng-ho.org> <20150303141633.c38bdc7b.freebsd@edvax.de> Date: Tue, 3 Mar 2015 06:02:13 -0800 Message-ID: Subject: Re: Check root password changes done via single user mode From: Mehmet Erol Sanliturk To: Polytropon Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: fluxwatcher@gmail.com, Arthur Chance , FreeBSD Questions Mailing List X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Mar 2015 14:02:15 -0000 On Tue, Mar 3, 2015 at 5:16 AM, Polytropon wrote: > On Tue, 03 Mar 2015 12:55:01 +0000, Arthur Chance wrote: > > As Bruce Schneier says, there's no such thing as perfect security, it > > all depends on what costs (in money, time, or effort) attacker and > > defender are prepared to pay. > > Also consider non-OS security in this context: A CCTV camera > monitoring the console, or a hardware keylogger that can be > examined for SUM logins and "passwd" command calls. This is > relatively easy with physical servers, but those which are > being accessed via network (and with some management solution > that let's you, for example, access the serial console via > IP) could benefit from a mechanism examining the network > traffic; but as soon as you have end-to-end encryption in > such a setup, it won't work... except it's weak crypto and > you have the sufficient means... > > FreeBSD can only offer a specific subset of solutions "out > of the box", and a versatile attacker will always find a way > to avoid those obstacles. > > > -- > Polytropon > Magdeburg, Germany > Happy FreeBSD user since 4.0 > Andra moi ennepe, Mousa, ... > _______________________________________________ > > If any one is in front of the console , he/she may use a boot CD/DVD/USB stick to boot a copy of the operating system , and do whatever wants to do . Thank you very much . Mehmet Erol Sanliturk