From owner-freebsd-security Mon Dec 21 06:03:08 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA26339 for freebsd-security-outgoing; Mon, 21 Dec 1998 06:03:08 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from k6n1.znh.org (dialup7.gaffaneys.com [208.155.161.57]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA26322 for ; Mon, 21 Dec 1998 06:02:57 -0800 (PST) (envelope-from zach@gaffaneys.com) Received: (from zach@localhost) by k6n1.znh.org (8.9.1/8.9.1) id OAA28213; Mon, 21 Dec 1998 14:00:38 GMT (envelope-from zach) Message-ID: <19981221080038.A5438@znh.org> Date: Mon, 21 Dec 1998 08:00:38 -0600 From: Zach Heilig To: Janos Mohacsi , security@FreeBSD.ORG Subject: Re: preventing single user login w/o password References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: ; from Janos Mohacsi on Mon, Dec 21, 1998 at 12:17:30PM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Dec 21, 1998 at 12:17:30PM +0100, Janos Mohacsi wrote: > How can I prevent booting FreeBSD into the single user mode without > supplying either root or maybe different password? Change this line (in /etc/ttys): console none unknown off secure to: console none unknown off insecure This does not prevent booting from a floppy, and mounting filesystems from there. Even if you disable floppy/cdrom booting (or remove all floppy/cdrom drives), it does not prevent opening the machine and shorting the "reset bios cmos settings" jumper. -- Zach Heilig (zach@gaffaneys.com) Our one strength was that our senior officers were more flexible than theirs... How's that? We can customize our colonels. [ Illiad in User Friendly, Dec. 1, 1998 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message