From owner-freebsd-security  Wed Apr 12 14:41:47 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id OAA26581
          for security-outgoing; Wed, 12 Apr 1995 14:41:47 -0700
Received: from haven.ios.com (haven.ios.com [198.4.75.45])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id OAA26573
          for <security@FreeBSD.org>; Wed, 12 Apr 1995 14:41:45 -0700
Received: (from rashid@localhost) by haven.ios.com (8.6.9/8.6.9) id RAA05405; Wed, 12 Apr 1995 17:37:09 -0400
From: "Rashid Karimov." <rashid@haven.ios.com>
Message-Id: <199504122137.RAA05405@haven.ios.com>
Subject: Re: FreeBSD Security Problem?
To: nlawson@statler.csc.calpoly.edu (Nathan Lawson)
Date: Wed, 12 Apr 1995 17:37:09 -0400 (EDT)
Cc: davew@sees.bangor.ac.uk, security@FreeBSD.org
In-Reply-To: <9504121713.AA05444@statler.CalPoly.Edu> from "Nathan Lawson" at Apr 12, 95 10:13:34 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1315      
Sender: security-owner@FreeBSD.org
Precedence: bulk

		HI there,

> 
> > 	First the compliments - great job so far.  
> > 
> > 	Now the problem.  I have been using FreeBSD (2.0R) at home (without 
> > any problems) and also evaluating it for use at work.  One ancient and major 
> > problem seems to exist (unless I have missed something or it has already been 
> > altered) and that is the reboot to single user.  No password, nothing, just a 
> > root shell to do with as you wish.  OK I know its not a problem at home - but 
> > just imagine the fun all our undergraduates would have with this if we put a 
> > machine in a public area (the current suggestion is for 50).
> > 
> > 	We would really like to replace our ageing Sun SLC's but are seriously
> > worried about the above problem - any comments?
> 
> Only that it's not a problem.  Change the entry in /etc/ttys for "console"
> from "secure" to "insecure" and you will be required to enter the root password
> before being dropped to a shell in single-user mode.

	There is so called "physical security" :) .
	If you don't trust your undergraduates - put the PC into
	the safe.
	Because even if you'll make the console secure , they will
	be able to harm the PC - by booting from the floppy - if
	the PC has one, of going to hardware setup and reformatting
	the HDD... alot of nasty things :)


	SY
	RK
	K