From: Mike Meyer <mwm@mired.org>
Date: Sat, 28 Apr 2001 17:27:44 -0500
To: Frank v Waveren
Cc: questions@freebsd.org
Subject: Re: securing the bootup sequence
Message-ID: <15083.17376.926579.60552@guru.mired.org>
In-Reply-To: <27431173@toto.iv>

Frank v Waveren types:
> I'm trying to secure the bootup sequence of a 4.3-release install.
> With a linux install (the box's previous install) this is quite easy,
> just set the bios to disallow boot from floppy, and give lilo the
> password= and 'restricted' options. With that configuration, there is
> no way to get access to an account on the box without physically
> opening it.
>
> However, trying to do this with FreeBSD proves a lot harder. Since I
> have two IDE drives, boot0 gives the F? list of drives, from which you
> can select the drive without the kernel on it, which can bring the
> boot process to a halt, which isn't nice, but isn't terrible either.

You don't *have* to use boot0. You could, for instance, use a standard
MBR to avoid that. Or any other boot loader. For instance, if you set
up grub as recommended, it boots /boot/loader, thus skipping both boot0
and boot2.

> boot2 is a lot more annoying however. Even if it doesn't show its
> prompt by default, pressing space when you get the first '-' will
> bring up the prompt. From here, you can load an arbitrary replacement
> for /boot/loader, either previously stored in a user's homedir or from
> floppy. I can't find any way short of hacking the code of stopping
> boot2 from doing this.

Sounds like a good reason not to use boot2.

> The next part of the entertainment is /boot/loader. According to all
> the docu, having a set password=foo and check-password in
> /boot/loader.rc should get you a password prompt if you do anything
> apart from allowing the autoboot to continue. However, the password
> prompt doesn't appear for me, whatever I tried.. :-(.

It's not 'set password=foo', it's just 'password="foo"' in
/boot/loader.conf. It works fine for me. You could also try skipping
/boot/loader and just loading the kernel, but there the loader
apparently sets some stuff up that the running system needs.

> I have found one discussion from a while back on this topic on
> deja.com, however I didn't find any useful answers apart from "there's
> no such thing as security if the attacker has physical access", but
> I'm not trying to protect against physical access here, just console
> access.

Well, you still can't make it perfect - but there's no reason not to
make it as hard as possible.

Mike Meyer <mwm@mired.org>    http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
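As an added example (not code from this thread or from FreeBSD), the following POSIX shell script audits a loader.conf file for the setting Mike points to. It flags the 'set password=foo' form Frank tried, which is loader.rc Forth syntax rather than the key="value" form loader.conf uses, reports when no loader password is configured at all, and warns when a password is present but the file is world-readable, because the loader compares this password as cleartext, so any local user who can read /boot/loader.conf can read it. The three loader.conf files it checks are constructed samples written to a temporary directory; the function and file names are this example's own.

```shell
#!/bin/sh
# Audit a FreeBSD loader.conf for the loader password setting.
# Added example; sample config files below are constructed for the demo.

# loader_password_set FILE: exit 0 if FILE has an active password="..." line
# (loader.conf form); commented-out lines do not count.
loader_password_set() {
    grep -E '^[[:space:]]*password[[:space:]]*=' "$1" >/dev/null 2>&1
}

# loader_conf_rc_syntax FILE: exit 0 if FILE uses the Forth 'set password='
# form, which belongs in loader.rc and is ignored in loader.conf.
loader_conf_rc_syntax() {
    grep -E '^[[:space:]]*set[[:space:]]+password=' "$1" >/dev/null 2>&1
}

# file_world_readable FILE: exit 0 if the "other" read bit (0004) is set.
file_world_readable() {
    [ -n "$(find "$1" -perm -004 2>/dev/null)" ]
}

# audit_loader_conf FILE: print one line per finding; return the number of
# findings as the exit status (0 means the file passed every check).
audit_loader_conf() {
    f="$1"
    findings=0
    if loader_conf_rc_syntax "$f"; then
        echo "$f: uses 'set password=' (loader.rc syntax); use password=\"...\" in loader.conf"
        findings=$((findings + 1))
    fi
    if ! loader_password_set "$f"; then
        echo "$f: no loader password configured; the loader prompt is unprotected"
        findings=$((findings + 1))
    elif file_world_readable "$f"; then
        echo "$f: loader password is stored in cleartext and the file is world-readable"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files (not real system configuration).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
# 1: the form that was tried in the thread, which loader.conf does not honour
printf 'set password=foo\n' > "$tmp/wrong.conf"
# 2: the working form, but left at the usual 0644 permissions
printf 'password="foo"\nautoboot_delay="5"\n' > "$tmp/readable.conf"
chmod 644 "$tmp/readable.conf"
# 3: the working form, readable only by its owner
cp "$tmp/readable.conf" "$tmp/locked.conf"
chmod 600 "$tmp/locked.conf"

for name in wrong readable locked; do
    if audit_loader_conf "$tmp/$name.conf"; then
        echo "$tmp/$name.conf: ok"
    fi
done
```

Run it as root against the live file with `audit_loader_conf /boot/loader.conf` to get the same three checks on a real system; the script itself never modifies anything.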