Date: Mon, 12 Jun 2000 13:04:18 +0300 From: Alexandru Popa <razor@ldc.ro> To: freebsd-questions@freebsd.org Cc: razor@ldc.ro Subject: Securing bootup procedure on a public physical access machine Message-ID: <20000612130418.A18033@ldc.ro>
next in thread | raw e-mail | index | archive | help
Is it possible to "secure" the bootup procedure so that a computer that is located in a public place cannot be "rooted" by just specifying single-user mode bootup? I am using FreeBSD 4.0-RELEASE (I will update to -stable soon), on an entirely-FreeBSD disk (no fdisk type partitions, aka "dangerously dedicated"). I know about the password mechanism in /boot/, but as I understand the three-phase bootup procedure, it is possible to convnice first the MBR block to boot from a floppy, then the boot manager, or it is possible to fool the second-stage boot manager to load another third-stage boot manager. Please correct me if I am wrong, or give suggestions so I can trust that machine. Note that I am not subscribed to -questions, so please cc me on the answer. Thanks a lot, Alex. ------------+------------------------------------------ Alex Popa, |There never was a good war or a bad peace razor@ldc.ro| -- B. Franklin ------------+------------------------------------------ "It took the computing power of three C-64s to fly to the Moon. It takes a 486 to run Windows 95. Something is wrong here." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000612130418.A18033>