Date: Wed, 22 Sep 2004 08:23:19 -0700 From: "Keith Baldwin" <keith@southo.net> To: <freebsd-isp@freebsd.org> Subject: RE: funny customers Message-ID: <029901c4a0b8$17069330$f501a8c0@southog2bwobmh> In-Reply-To: <65077.62.242.151.142.1095864567.squirrel@mailbox.wingercom.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Didn't see it posted yet so here. >From http://www.daemonnews.org/200108/security-howto.html in the Local Security section: "Lets begin with /etc/ttys. Open it up in your favorite editor and find = the console line: console none unknown off secure Change "secure" to "insecure", so the user is asked for the root = password when going to single user mode. Be warned this will also make recovering lost root passwords more difficult, But it will prevent someone from = gaining root access to your machine locally provided they do not have a boot = disk." Regards, Keith -----Original Message----- From: owner-freebsd-isp@freebsd.org = [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of Per Engelbrecht Sent: Wednesday, September 22, 2004 7:49 AM To: freebsd-isp@freebsd.org Subject: Re: funny customers Hi Dennis > > On Wed, Sep 22, 2004 at 11:45:13AM +0200, Per Engelbrecht wrote: >> But right now I need a way to bypass (I don't think it's possible) >> the single_user mode root login feature. > > Just an idea (as it doesn't work ;) ... > > A trick known from linux is to boot the kernel with /bin/sh instead > of /sbin/init. You'd do "set init_path=3D/bin/sh" for that in the > loader. This would bypass the usual startup and thus you won't be > asked for the password. > > However, i just tried this and it doesn't work. The sh immediately > exists and consequently the kernel panics. Don't know what's the > problem there... Hmm .. I'm not sure why, but in FreeBSD both csh (default root shell ... *&#@$!) and sh are linked static and tampering with these from the boot-process through /sbin/init (which is the last part of the boot-process anyway) is something I wouldn't do. Creative thinking though :) Thank you Dennis. respectfully /per per@xterm.dk > > - D. _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?029901c4a0b8$17069330$f501a8c0>