Date: 21 Dec 1998 16:32:09 +0100 From: Dag-Erling Smorgrav <des@flood.ping.uio.no> To: cjclark@home.com Cc: mohacsi@bagira.iit.bme.hu (Janos Mohacsi), security@FreeBSD.ORG Subject: Re: preventing single user login w/o password Message-ID: <xzpww3lecjq.fsf@flood.ping.uio.no> In-Reply-To: "Crist J. Clark"'s message of "Mon, 21 Dec 1998 08:24:53 -0500 (EST)" References: <199812211324.IAA27266@cc942873-a.ewndsr1.nj.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> writes: > Janos Mohacsi wrote, > > How can I prevent booting FreeBSD into the single user mode without > > supplying either root or maybe different password? > Here's the simple answer, but you might not like it, > > Control physical access to the machine. > > "There is no security without physical security." Well, you can translate physical access to the computer into physical access to a more manageable item, such as a Java ring, if you use some kind of hardware device which strongly encrypts your disks and keep the encryption key on the Java ring. The idea is that you can't boot the computer without the ring, and you can't decrypt the contents of the disk drive without it either (not within reasonable amounts of time, anyway). DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpww3lecjq.fsf>