Date: Mon, 4 Jan 1999 13:23:39 -0500 (EST) From: Alfred Perlstein <bright@hotjobs.com> To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, Tom Bartol <bartol@salk.edu>, current@FreeBSD.ORG Subject: Re: New boot blocks for serial console ... Message-ID: <Pine.BSF.4.05.9901041319010.37756-100000@bright.fx.genx.net> In-Reply-To: <38416.915473396@zippy.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 4 Jan 1999, Jordan K. Hubbard wrote: > > What we're trying to achieve is an environment where the worst thing > > someone could do is cause the machine to reboot. > > Then lock the machine in a room. You're not going to get anywhere > close to that by changing the boot blocks and flagging it as an issue > in this case is simply waving a red herring. the bootblocks aren't all that complicated, i'm sure you can mostly just comment out the code that prompts for a kernel and hardcode it in. perhaps a feature of the bootblocks may be something in boot.conf(?) that restrics the boot device sorta like ipfw, "allow boot wd0"... has anyone thought of the implications of sticking a faux kernel in /tmp and well... nevermind :) you can also play with the /etc/rc script to disallow annoying lab students the priviledge of ^C'ing your starup scripts. look at the 'sh' manpage and search for syntax on 'trap' i think the point is so that some wiseass doesn't stick a floppy in the machine and boot a rouge userland, most bios's come with an option to disable the boot floppy for convience and a false sense of security -Alfred > > - Jordan > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-current" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9901041319010.37756-100000>