From owner-freebsd-questions@FreeBSD.ORG Thu Feb 3 23:20:28 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9A34D16A4CE for ; Thu, 3 Feb 2005 23:20:28 +0000 (GMT) Received: from smtphost.cis.strath.ac.uk (smtphost.cis.strath.ac.uk [130.159.196.96]) by mx1.FreeBSD.org (Postfix) with ESMTP id C5A6343D46 for ; Thu, 3 Feb 2005 23:20:27 +0000 (GMT) (envelope-from chodgins@cis.strath.ac.uk) Received: from [192.168.0.4] (chrishodgins.force9.co.uk [84.92.20.141]) j13NKFfe000952; Thu, 3 Feb 2005 23:20:15 GMT Message-ID: <4202B2CB.3000402@cis.strath.ac.uk> Date: Thu, 03 Feb 2005 23:24:59 +0000 From: Chris Hodgins User-Agent: Mozilla Thunderbird 1.0 (X11/20050202) X-Accept-Language: en-us, en MIME-Version: 1.0 To: epilogue References: <20050203134948.06fee67a@localhost> In-Reply-To: <20050203134948.06fee67a@localhost> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-CIS-MailScanner-Information: Please contact support@cis.strath.ac.uk for more information X-CIS-MailScanner: Found to be clean X-CIS-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, required 6) X-CIS-MailScanner-From: chodgins@cis.strath.ac.uk cc: Gert Cuykens cc: Ted Mittelstaedt cc: freebsd-questions@freebsd.org Subject: Re: xhost +localhost X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Feb 2005 23:20:28 -0000 epilogue wrote: > On Thu, 3 Feb 2005 14:43:39 +0100 > Gert Cuykens wrote: > > >>On Thu, 3 Feb 2005 00:32:23 -0800, Ted Mittelstaedt >> wrote: > > >>>While all of this is very interesting academic, if user Gert is dumb >>>enough to leave the console of his UNIX system accessible then user >>>Ted can come along and power cycle it into single user mode and wipe >>>his disks whether he has the root password or not. > > > While i quite agree with Ted's encouraging Gert to run X as joe user, > rather than root (for a variety of security related reasons) it is a > trivial matter implement a password requirement for boot -s. This way, > even if a user can boot -s, they *must* have the root passwd. > > This implementation does mean, however, that you should not forget the > root passwd, for if you do forget, you will not be able to reset it > via boot -s and passwd. > > /etc/ttys > > # If console is marked "insecure", then init will ask for the root > # password when going to single-user mode. > > console none unknown off insecure > > my 2 cents CAD for the day. > > > cheers, > epi > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > If you have local access to a machine, you can easily get access...password or not. Chris