Date: Mon, 23 Oct 2000 18:36:47 +0300 From: Odhiambo Washington <wash@iconnect.co.ke> To: Tim McMillen <timcm@umich.edu> Cc: FBSD-Q <freebsd-questions@freebsd.org> Subject: Re: secure boot Message-ID: <20001023183647.L39976@poeza.iconnect.co.ke> In-Reply-To: <Pine.SOL.4.10.10010230941490.12076-100000@gorf.gpcc.itd.umich.edu>; from "Tim McMillen" on Mon, Oct 23, 2000 at 09:47:08AM -0400 References: <200010231306.PAA69534@gilberto.physik.rwth-aachen.de> <Pine.SOL.4.10.10010230941490.12076-100000@gorf.gpcc.itd.umich.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
* Tim McMillen <timcm@umich.edu> [20001023 16:49]: => =>No. If somebody has physical access to your box they can do anything they =>want. Including wiping freebsd off your HD and installing windows. => For example you can mark the console as insecure so they have to =>have the superuser password. But all they have to do is have a boot =>floppy to get single user mode. Hey, just wondered if a boot floppy is really necessary...if they cold bott and choose single user mode at the prompt...is there a way of stopping/preventing that??? So that even booting into SUM requires the root passwd... =>You could take out the floppy and cdrom =>drive and allow booting only from the HD. An attacker could just install =>those things back. You can password protect the bios, but taking the =>battery off of it wipes it out and they can change the bios again. => There is no substitute for physical security =>Doing some of the above will help, ie make it more inconvenient to attack =>the box, but you cannot be absolutely safe. => Tim => => =>On Mon, 23 Oct 2000, Christoph Kukulies wrote: => =>> =>> Is there a way to make FreeBSD absolutely safe against rebooting =>> and getting into super user mode, e.g. by interrupting the =>> boot process, ^C into single user or booting into single user mode? =>> =>> -- =>> Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de => => => =>To Unsubscribe: send mail to majordomo@FreeBSD.org =>with "unsubscribe freebsd-questions" in the body of the message -Wash -- Odhiambo Washington Inter-Connect Ltd., wash@iconnect.co.ke 5th Flr Furaha Plaza Tel: 254 11 222604 Nkrumah Rd., Fax: 254 11 222636 PO Box 83613 MOMBASA, KENYA. I came, I saw, I deleted all your files. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001023183647.L39976>