From owner-freebsd-questions@FreeBSD.ORG  Tue Mar  3 18:08:40 2015
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id B7A10C37
 for <freebsd-questions@freebsd.org>; Tue,  3 Mar 2015 18:08:40 +0000 (UTC)
Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 737C310B
 for <freebsd-questions@freebsd.org>; Tue,  3 Mar 2015 18:08:40 +0000 (UTC)
Received: from r56.edvax.de (port-92-195-131-196.dynamic.qsc.de
 [92.195.131.196])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx02.qsc.de (Postfix) with ESMTPS id 5F61227847;
 Tue,  3 Mar 2015 19:08:36 +0100 (CET)
Received: from r56.edvax.de (localhost [127.0.0.1])
 by r56.edvax.de (8.14.5/8.14.5) with SMTP id t23I8aDm002018;
 Tue, 3 Mar 2015 19:08:36 +0100 (CET) (envelope-from freebsd@edvax.de)
Date: Tue, 3 Mar 2015 19:08:36 +0100
From: Polytropon <freebsd@edvax.de>
To: Mehmet Erol Sanliturk <m.e.sanliturk@gmail.com>
Subject: Re: Check root password changes done via single user mode
Message-Id: <20150303190836.8260c9ba.freebsd@edvax.de>
In-Reply-To: <CAOgwaMvytBWdoprPNSuqKMnuX-w7-L_u1Wvg=kTH7nEDCjTjvw@mail.gmail.com>
References: <54F56A83.3000404@gmail.com>
 <CA+yaQw_3JJ2tJm32or-UmSpfMFo_jCn_JD1xFw=1E9i9K2reDg@mail.gmail.com>
 <54F57CD9.2000707@gmail.com> <54F5AF25.7000303@qeng-ho.org>
 <20150303141633.c38bdc7b.freebsd@edvax.de>
 <CAOgwaMvytBWdoprPNSuqKMnuX-w7-L_u1Wvg=kTH7nEDCjTjvw@mail.gmail.com>
Reply-To: Polytropon <freebsd@edvax.de>
Organization: EDVAX
X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: FreeBSD Questions Mailing List <freebsd-questions@freebsd.org>
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Mar 2015 18:08:40 -0000

On Tue, 3 Mar 2015 06:02:13 -0800, Mehmet Erol Sanliturk wrote:
> If any one is in front of the console , he/she may use a boot CD/DVD/USB
> stick to boot a copy of the operating system , and do whatever wants to do .

Only if booting from removable media is enabled in the
BIOS or EFI, and if it's not, a password protection would
stop the attacker from changing the setting.

It's not that anything possible couldn't be made impossible
by a clever trick, still leaving several other possible ways
of doing it... ;-)

On the other hand: If physical access has already been
gained, the attacker could remove the hard disk and use
it, for example with an USB adapter, with his own equipment
he brought. Of course it's possible to prevent that attack
by using non-standard screws, which only works as long as
the attacker doesn't have the right tools for those screws.


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...