From owner-freebsd-hackers Sat Jul 6 17:03:41 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA12131 for hackers-outgoing; Sat, 6 Jul 1996 17:03:41 -0700 (PDT) Received: from kropotkin.gnu.ai.mit.edu (kropotkin.gnu.ai.mit.edu [128.52.46.40]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id RAA12125 for ; Sat, 6 Jul 1996 17:03:38 -0700 (PDT) Received: by kropotkin.gnu.ai.mit.edu (8.6.12/8.6.12GNU) id UAA22194; Sat, 6 Jul 1996 20:03:29 -0400 Date: Sat, 6 Jul 1996 20:03:29 -0400 Message-Id: <199607070003.UAA22194@kropotkin.gnu.ai.mit.edu> To: terry@lambert.org Sent-via: terry@lambert.org CC: terry@lambert.org, kaveman@magna.com.au, hackers@FreeBSD.ORG Sent-via: terry@lambert.org, kaveman@magna.com.au, hackers@FreeBSD.ORG In-reply-to: <199607062223.PAA18933@phaeton.artisoft.com> (message from Terry Lambert on Sat, 6 Jul 1996 15:23:49 -0700 (MST)) Subject: Re: What is the best way to setup a drive From: Joel Ray Holveck Reply-to: joelh@gnu.ai.mit.edu Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >>>>> I don't think there is a problem with symlinking /etc/passwd; >>>> Except when booting single user with an insecure console. :) >>> THere is no such thing as an insecure console, IMO. If they can >>> use a screwdriver to remove the hard drive, single user >>> non-password root access isn't a problem. >> Well, in the lab across the room from me, somebody can easily set >> up an insecure suid program in no time and not be noticed. But >> somebody is sure to notice through the glass walls the guy with a >> screwdriver and a maniacal look. > How obvious is rebooting from a floppy? Depends on whether or not a lock is sitting over the drive door, or whether or not a floppy drive is installed. > Are all the power connectors, switches, etc. secured? How that lab is set up is irrelevant. I think that the single user bit is a topic of concern. -- http://www.wp.com/piquan --- Joel Ray Holveck --- joelh@gnu.ai.mit.edu Fourth law of computing: Anything that can go wro .signature: segmentation violation -- core dumped