Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 4 Jul 2000 13:27:21 +0300
From:      Alex Popa <razor@ldc.ro>
To:        Dan O'Connor <dan@mostgraveconcern.com>
Cc:        freebsd-security@freebsd.org, freebsd-stable@freebsd.org
Subject:   Re: securing the boot process (again?!?)
Message-ID:  <20000704132721.A13263@ldc.ro>
In-Reply-To: <0d8b01bfe56a$0c01c580$0200000a@danco>; from dan@mostgraveconcern.com on Mon, Jul 03, 2000 at 08:43:38PM -0700
References:  <0d8b01bfe56a$0c01c580$0200000a@danco>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jul 03, 2000 at 08:43:38PM -0700, Dan O'Connor wrote:
> >> Doesn't your computer have a BIOS password? These are typically invoked
> >> *before* the BIOS tries to boot off any disk...
> >
> >Unfortunately BIOS passwords can be disabled on the motherboard in a matter
> >of minutes (for most motherboards that I know of).  Even Dell laptops
> (don't
> >know about their desktops/servers) have a master password that Dell will
> give
> >you if you call them, provided you give them some details first.
> 
> Looks like there's not really much you can do if you can't physically secure
> the machine.
> 
> Even all the other tricks, boot only from hard drive, setting the delay to
> '0', are pointless if someone can get inside the hardware case, change
> jumpers, get into the BIOS and turn on boot from floppy and then boot from a
> floppy. On the other hand, if someone has the opportunity to do all that,
> they might as well just steal the whole box...
> 
> Moral of the story: either secure the machine in a location where malicious
> users can't get to it or take the consequences.
> 
Okay, my mistake: by "public access machine" I meant users have access
to the fromt panel of the PC (so they can use the floppy drive) and a
keyboard and monitor, but *NOT* the inside of the case (the case is
sort of buried in a wall).  And the problem I had was (apart from booting
an evil kernel installed on /tmp) that by setting the floppy drive to
"none" in the BIOS the kernel (4.0-STABLE) canot use floppies after
booting.

I do have a BIOS password, and of what I've heard there is no other
way of bypassing it except for the jumpers on the motherboard
(impossible, see above).

------------+------------------------------------------
Alex Popa,  |There never was a good war or a bad peace
razor@ldc.ro|                   -- B. Franklin
------------+------------------------------------------
"It took the computing power of three C-64s to fly to the Moon.
It takes a 486 to run Windows 95. Something is wrong here."


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000704132721.A13263>