From owner-freebsd-security Mon May 14 11:14:11 2001
Message-ID: <3B00216B.6D83C12D@allmaui.com>
Date: Mon, 14 May 2001 11:18:19 -0700
From: Craig Cowen
To: Rob Simmons
Cc: Eric Anderson, "Oulman, Jamie", freebsd-security@FreeBSD.ORG
Subject: Re: nfs mounts / su / yp

How about using a BIOS passwd and removing the floppy from BIOS?

Rob Simmons wrote:

> You could set the console to insecure in /etc/ttys. That way single user
> mode will ask for the root password. You still can't prevent someone from
> booting with their own floppy disk and making changes that way. I think
> the only way to prevent that is to use an encrypted filesystem of some
> sort.
>
> Robert Simmons
> Systems Administrator
> http://www.wlcg.com/
>
> On Mon, 14 May 2001, Eric Anderson wrote:
>
> > If a user reboots their machine, goes into single user mode, and changes
> > the local root password (and adds their username into the wheel group of
> > course), then boots into multiuser mode, they can su to root, then su to
> > any NIS user they desire, and do malicious things as that user. su'ing
> > from root to any other user never asks for a password, so login.conf
> > isn't used (right?)..

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
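
An added example, not part of the thread: a small audit for the /etc/ttys setting mentioned in the quoted reply, reporting whether the `console` entry is marked `insecure` so that single-user mode asks for the root password. The function names and the two sample ttys files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report how the console entry in a
# ttys(5)-style file is marked. Point it at /etc/ttys or a copy of it.

# console_flag FILE -> prints secure | insecure | unmarked | missing
console_flag() {
    awk '
        /^[ \t]*#/ { next }                    # whole-line comment
        $1 == "console" {
            flag = "unmarked"
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break           # trailing comment starts here
                if ($i == "secure" || $i == "insecure") flag = $i
            }
            print flag; found = 1; exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# single_user_prompts FILE -> exit 0 only if console is explicitly "insecure"
single_user_prompts() {
    [ "$(console_flag "$1")" = "insecure" ]
}

# Constructed sample input: console lines as they might appear in /etc/ttys.
demo_dir=$(mktemp -d)
printf '%s\n' '# name getty type status' \
    'console none unknown off secure' > "$demo_dir/ttys.default"
printf '%s\n' '# name getty type status' \
    'console none unknown off insecure   # ask for root password' \
    > "$demo_dir/ttys.hardened"

for f in "$demo_dir"/ttys.*; do
    if single_user_prompts "$f"; then
        echo "$f: console insecure, single-user mode asks for the root password"
    else
        echo "$f: console is '$(console_flag "$f")', review this entry"
    fi
done
rm -rf "$demo_dir"
```

As the quoted reply notes, this setting does not stop someone from booting their own floppy disk, so it is only one layer alongside the BIOS and encrypted-filesystem measures raised in the thread.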