From owner-freebsd-security  Wed Apr 12 10:13:44 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id KAA17772
          for security-outgoing; Wed, 12 Apr 1995 10:13:44 -0700
Received: from phoenix.csc.calpoly.edu (phoenix.csc.calpoly.edu [129.65.17.14])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id KAA17764
          for <security@freebsd.org>; Wed, 12 Apr 1995 10:13:43 -0700
Received: from statler.CalPoly.Edu (statler.csc.calpoly.edu [129.65.17.8]) by phoenix.csc.calpoly.edu (8.6.11) with SMTP id KAA03338; Wed, 12 Apr 1995 10:13:41 -0700
Received: by statler.CalPoly.Edu (5.x/SMI-SVR4)
	id AA05444; Wed, 12 Apr 1995 10:13:34 -0700
From: nlawson@statler.csc.calpoly.edu (Nathan Lawson)
Message-Id: <9504121713.AA05444@statler.CalPoly.Edu>
Subject: Re: FreeBSD Security Problem?
To: davew@sees.bangor.ac.uk (Mr D Whitehead)
Date: Wed, 12 Apr 1995 10:13:34 -0700 (PDT)
Cc: security@FreeBSD.org
In-Reply-To: <9326.9504121533@sol.sees.bangor.ac.uk> from "Mr D Whitehead" at Apr 12, 95 04:33:28 pm
X-Mailer: ELM [version 2.4 PL22]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: security-owner@FreeBSD.org
Precedence: bulk

> 	First the compliments - great job so far.  
> 
> 	Now the problem.  I have been using FreeBSD (2.0R) at home (without 
> any problems) and also evaluating it for use at work.  One ancient and major 
> problem seems to exist (unless I have missed something or it has already been 
> altered) and that is the reboot to single user.  No password, nothing, just a 
> root shell to do with as you wish.  OK I know its not a problem at home - but 
> just imagine the fun all our undergraduates would have with this if we put a 
> machine in a public area (the current suggestion is for 50).
> 
> 	We would really like to replace our ageing Sun SLC's but are seriously
> worried about the above problem - any comments?

Only that it's not a problem.  Change the entry in /etc/ttys for "console"
from "secure" to "insecure" and you will be required to enter the root password
before being dropped to a shell in single-user mode.

Hope this helps.

-- 
Nathan Lawson      | "If the automobile had followed the same development as the
CSL 490/News Admin |  computer, a Rolls-Royce would today cost $100, get a
756-7180 @Work     |  million miles per gallon, and explode once a year,
-------------------   killing everyone inside."          -- Robert Cringely