From owner-freebsd-security Mon Dec 21 07:32:18 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA05713 for freebsd-security-outgoing; Mon, 21 Dec 1998 07:32:18 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA05699 for ; Mon, 21 Dec 1998 07:32:16 -0800 (PST) (envelope-from des@flood.ping.uio.no) Received: (from des@localhost) by flood.ping.uio.no (8.9.1/8.9.1) id QAA35729; Mon, 21 Dec 1998 16:32:09 +0100 (CET) (envelope-from des) To: cjclark@home.com Cc: mohacsi@bagira.iit.bme.hu (Janos Mohacsi), security@FreeBSD.ORG Subject: Re: preventing single user login w/o password References: <199812211324.IAA27266@cc942873-a.ewndsr1.nj.home.com> From: Dag-Erling Smorgrav Date: 21 Dec 1998 16:32:09 +0100 In-Reply-To: "Crist J. Clark"'s message of "Mon, 21 Dec 1998 08:24:53 -0500 (EST)" Message-ID: Lines: 21 X-Mailer: Gnus v5.5/Emacs 19.34 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "Crist J. Clark" writes: > Janos Mohacsi wrote, > > How can I prevent booting FreeBSD into the single user mode without > > supplying either root or maybe different password? > Here's the simple answer, but you might not like it, > > Control physical access to the machine. > > "There is no security without physical security." Well, you can translate physical access to the computer into physical access to a more manageable item, such as a Java ring, if you use some kind of hardware device which strongly encrypts your disks and keep the encryption key on the Java ring. The idea is that you can't boot the computer without the ring, and you can't decrypt the contents of the disk drive without it either (not within reasonable amounts of time, anyway). DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message