From owner-freebsd-arch@freebsd.org Mon Oct 19 20:10:00 2015 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4D721A196A2 for ; Mon, 19 Oct 2015 20:10:00 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 252F4FB9 for ; Mon, 19 Oct 2015 20:09:59 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id BAEBE20612 for ; Mon, 19 Oct 2015 16:09:58 -0400 (EDT) Received: from web3 ([10.202.2.213]) by compute4.internal (MEProxy); Mon, 19 Oct 2015 16:09:58 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=1FQ6gTQA/HH+GiI St6uz8HSkMl4=; b=UwzEqh2DjtF9CdMEDx5CYRKEBrZHgwFpN0nZ+fMjX6fwaw4 rCodbCErROTnOBOGFDRT2cM1DE+i1RE9QuVN8JuxzN251wiTNq+Y9X+7l9RhyhCH iatkRC6PFfsOqa7Z4JI3TIWxHSTuAt+za6voikt34J5Chsps61YEAe57mKOA= Received: by web3.nyi.internal (Postfix, from userid 99) id 9869410CF27; Mon, 19 Oct 2015 16:09:58 -0400 (EDT) Message-Id: <1445285398.1810452.414565353.4CFD9C24@webmail.messagingengine.com> X-Sasl-Enc: FKEHu5fww/Un5kVmyu7xdyHqlZJ3CTFfQc20gR1d/4tY 1445285398 From: Mark Felder To: freebsd-arch@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-25d3ec43 Subject: Re: Enabling all available ttys if available console Date: Mon, 19 Oct 2015 15:09:58 -0500 In-Reply-To: <20151019171215.GX15305@FreeBSD.org> References: <20151019171215.GX15305@FreeBSD.org> X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Oct 2015 20:10:00 -0000 On Mon, Oct 19, 2015, at 12:12, Glen Barber wrote: > Hi, > > For several months now, I have been contemplating enabling all active > ttys on the system by 1) changing the defaults from std.9600 to 3wire, > and 2) setting ttyu{0,1,2,3} from 'off' to 'onifconsole'. > > The only drawback to doing this that I can think of is it could open > a potential attack vector, however this would require physical access to > the system. > > The benefit to doing this is the system would be accessible via ttys > other than ttyu0 by default, which unless there is someone with local > access to the system, is painful for administrators to gain console > access remotely by default. > > Are there objections to changing the default, or have I missed something > larger in this proposed change? > > Thanks in advance. > > Glen > I hate later finding that serial console isn't working... I also would appreciate it. -- Mark Felder ports-secteam member feld@FreeBSD.org