From owner-freebsd-stable  Tue Apr  3 11:32:58 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from nsmail.corp.globalstar.com (gibraltar.globalstar.com [207.88.248.142])
	by hub.freebsd.org (Postfix) with ESMTP
	id EC12A37B719; Tue,  3 Apr 2001 11:32:53 -0700 (PDT)
	(envelope-from cjclark@alum.mit.edu)
Received: from alum.mit.edu ([207.88.153.184]) by
          nsmail.corp.globalstar.com (Netscape Messaging Server 4.15) with
          ESMTP id GB8BIA00.LZF; Tue, 3 Apr 2001 11:32:34 -0700 
Message-ID: <3ACA1755.7C98C5@alum.mit.edu>
Date: Tue, 03 Apr 2001 11:32:53 -0700
From: Crist Clark <cjclark@alum.mit.edu>
X-Mailer: Mozilla 4.75 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Craig Cowen <craig@allmaui.com>
Cc: freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject: Re: su change?
References: <005401c0bc63$7cb36650$0202a8c0@majorzoot> <001f01c0bc68$681a2b20$1200a8c0@gsicomp.on.ca> <20010403140935.F9618@pir.net> <3ACA12FF.F4000B95@allmaui.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

[-stable cut from CC-list. -security almost cut.]

Craig Cowen wrote:
> 
> FALSE! If you have the boot prom set not to allow booting from cdrom, you're
> bummin'

Then just enable it again. Jeesh. It's more fun if the system has no
CDROM, tho' (or floppy to boot up OpenBSD). Ever tried to setup a netboot
into single-user just to access a messed up Sun box?

If you've put a password in the boot PROM and forgotten that however, you 
are fscked. Time to buy a new chip!

> > Matthew Emmerton <matt@gsicomp.on.ca> probably said:
> > > Just consider your friend lucky - doing similar things to the root account
> > > on any enterprise UNIX (UnixWare, Solaris, AIX) could require a complete
> > > reinstall - especially if it's running C2-level security.

If you're running a trusted system, is root even that special anymore?
Messing up root should be just like messing up any other account.

> > False.
> >
> > Solaris, certainly, would just require booting from cdrom, mounting /
> > and editing the password file.
-- 
Crist J. Clark                                cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message