From owner-freebsd-current  Mon Jan  4 11:05:51 1999
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA19603
          for freebsd-current-outgoing; Mon, 4 Jan 1999 11:05:51 -0800 (PST)
          (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from dingo.cdrom.com (castles165.castles.com [208.214.165.165])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA19596
          for <current@FreeBSD.ORG>; Mon, 4 Jan 1999 11:05:49 -0800 (PST)
          (envelope-from mike@dingo.cdrom.com)
Received: from dingo.cdrom.com (LOCALHOST [127.0.0.1])
	by dingo.cdrom.com (8.9.1/8.8.8) with ESMTP id KAA14013;
	Mon, 4 Jan 1999 10:58:56 -0800 (PST)
	(envelope-from mike@dingo.cdrom.com)
Message-Id: <199901041858.KAA14013@dingo.cdrom.com>
X-Mailer: exmh version 2.0.2 2/24/98
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
cc: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>,
        Garrett Wollman <wollman@khavrinen.lcs.mit.edu>,
        Tom Bartol <bartol@salk.edu>, current@FreeBSD.ORG
Subject: Re: New boot blocks for serial console ... 
In-reply-to: Your message of "Mon, 04 Jan 1999 19:38:46 +0100."
             <14874.915475126@critter.freebsd.dk> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 04 Jan 1999 10:58:55 -0800
From: Mike Smith <mike@smith.net.au>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> In message <38397.915473345@zippy.cdrom.com>, "Jordan K. Hubbard" writes:
> >> Not at all.   Ever heard of a padlock?
> >
> >Give me physical access to your machine, with or without a padlock,
> >and I'll have root on that baby before you have a chance to come back
> >from lunch.
> >
> >I think the original comment that there's no security without physical
> >security has definite merit.  The NSA learned this decades ago! :)
> 
> Uhm, well there is, but it is called "tamper-proof hardware" and costs
> a fortune.

It's not "tamper-proof", it's "tamper-resistant", and I can suggest a 
wide range of "tampering" hardware that it won't stand up to for long.

But Garrett's point is actually quite valid; there's a fairly wide gap 
between "I will just fiddle with the console" and "I will walk into the 
server room with a pair of bolt cutters", and all that's required to 
close that gap is changing boot2 to not wait that couple of seconds 
before launching the loader, or to ignore the keyboard while it is.

The latter would actually be easier, given its current design; add a 
'-X' option to /boot.config to disable the keyboard.  Diffs happily 
accepted.

-- 
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\  msmith@cdrom.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message