From owner-freebsd-current Mon Jan 4 10:20:10 1999
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id KAA14765
    for freebsd-current-outgoing; Mon, 4 Jan 1999 10:20:10 -0800 (PST)
    (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from bright.fx.genx.net (bright.fx.genx.net [206.64.4.154])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA14760
    for ; Mon, 4 Jan 1999 10:20:08 -0800 (PST)
    (envelope-from bright@hotjobs.com)
Received: from localhost (bright@localhost)
    by bright.fx.genx.net (8.9.1/8.9.1) with ESMTP id NAA48135;
    Mon, 4 Jan 1999 13:23:39 -0500 (EST)
    (envelope-from bright@hotjobs.com)
X-Authentication-Warning: bright.fx.genx.net: bright owned process doing -bs
Date: Mon, 4 Jan 1999 13:23:39 -0500 (EST)
From: Alfred Perlstein
X-Sender: bright@bright.fx.genx.net
To: "Jordan K. Hubbard"
cc: Garrett Wollman , Tom Bartol , current@FreeBSD.ORG
Subject: Re: New boot blocks for serial console ...
In-Reply-To: <38416.915473396@zippy.cdrom.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 4 Jan 1999, Jordan K. Hubbard wrote:

> > What we're trying to achieve is an environment where the worst thing
> > someone could do is cause the machine to reboot.
>
> Then lock the machine in a room. You're not going to get anywhere
> close to that by changing the boot blocks and flagging it as an issue
> in this case is simply waving a red herring.

the bootblocks aren't all that complicated, i'm sure you can mostly just
comment out the code that prompts for a kernel and hardcode it in.

perhaps a feature of the bootblocks may be something in boot.conf(?) that
restricts the boot device sorta like ipfw, "allow boot wd0"...

has anyone thought of the implications of sticking a faux kernel in /tmp
and well... nevermind :)

you can also play with the /etc/rc script to disallow annoying lab
students the privilege of ^C'ing your startup scripts. look at the 'sh'
manpage and search for syntax on 'trap'

i think the point is so that some wiseass doesn't stick a floppy in the
machine and boot a rogue userland, most BIOSes come with an option to
disable the boot floppy for convenience and a false sense of security

-Alfred

>
> - Jordan
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
>
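
The `trap` approach mentioned in the message above, as an added example that is not part of the original post or of FreeBSD's /etc/rc: a startup script can ignore the console's interrupt keys for the duration of a sensitive section. The names `run_protected` and `startup_step` are hypothetical, and `startup_step` is a constructed stand-in for a real startup command.

```sh
#!/bin/sh
# Added illustration; run_protected and startup_step are hypothetical names.

# Run a command with the keyboard-generated signals ignored, so that
# ^C (INT), ^\ (QUIT) and ^Z (TSTP) typed at the console cannot abort it.
run_protected() {
    status=0
    # An empty action string means "ignore". A signal that is ignored
    # stays ignored in child processes, so commands started from this
    # section are covered as well as the script itself.
    trap '' INT QUIT TSTP
    "$@" || status=$?
    # Put default handling back once the sensitive section is over.
    trap - INT QUIT TSTP
    return "$status"
}

# Constructed stand-in for a startup step: it sends the script the same
# signal that ^C would deliver, then records that it kept running.
startup_step() {
    kill -INT $$
    STEP_DONE=yes
}

STEP_DONE=no
run_protected startup_step
echo "startup step completed: $STEP_DONE"
```

This only covers signals delivered from the console to the running script; it does nothing about what the machine is booted from, which is the separate point the message makes about the floppy.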