From owner-freebsd-current Mon Jan 4 09:14:07 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA07549 for freebsd-current-outgoing; Mon, 4 Jan 1999 09:14:07 -0800 (PST) (envelope-from owner-freebsd-current@FreeBSD.ORG) Received: from helmholtz.salk.edu (helmholtz.salk.edu [198.202.70.34]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA07544 for ; Mon, 4 Jan 1999 09:14:05 -0800 (PST) (envelope-from bartol@salk.edu) Received: from eccles.salk.edu (eccles [198.202.70.120]) by helmholtz.salk.edu (8.7.5/8.7.3) with SMTP id JAA22814; Mon, 4 Jan 1999 09:13:39 -0800 (PST) Date: Mon, 4 Jan 1999 09:13:40 -0800 (PST) From: Tom Bartol To: Garrett Wollman cc: current@FreeBSD.ORG Subject: Re: New boot blocks for serial console ... In-Reply-To: <199901041703.MAA08597@khavrinen.lcs.mit.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, 4 Jan 1999, Garrett Wollman wrote: > < said: > > >> Not at all. Ever heard of a padlock? > > > Well, then, there's your solution! > > No, because it still doesn't prevent someone from walking up to the > machine and telling it to boot something it shouldn't. > > What we're trying to achieve is an environment where the worst thing > someone could do is cause the machine to reboot. > Then what you need is an untouchable machine in the hardware AND software sense. Padlock the room where the machine sits, get a UPS with plenty reserve power, and don't put it the machine on the net. Probably not a very useful machine when you're all done doing that :-) Sorry, I'm just jerking you around here, you're original idea about have a streamlined boot process is a good one, I'm just pointing out that this is really just a deterrent, like all other security measures as there really is no absolute solution to achieve absolute security. Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message