Date: Tue, 03 Dec 1996 09:35:20 -0600 From: "Eric L. Hernes" <erich@lodgenet.com> To: "Daniel O'Callaghan" <danny@panda.hilink.com.au> Cc: Joe Diehl <joed@telecom.ksu.edu>, freebsd-security@FreeBSD.org Subject: Re: Securing the freebsd boot process Message-ID: <199612031535.JAA26706@jake.lodgenet.com> In-Reply-To: Your message of "Tue, 03 Dec 1996 12:08:14 %2B1100." <Pine.BSF.3.91.961203115014.1605o-100000@panda.hilink.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
"Daniel O'Callaghan" writes: > > >On Mon, 2 Dec 1996, Joe Diehl wrote: > >> Is there anyway to increase the security of a FreeBSD machine at boot >> time? The two points of concern are booting into single user mode >> without a password, > >This is solved partially by removing the 'secure' keyword from 'console' >in /etc/ttys. That will force init to require the root password before >starting a shell, if the system is booted in single-user mode. >'kill -HUP 1' after editing /etc/ttys. > >> and hitting Ctrl-C repeatedly while /etc/rc is >> executing. Naturally, either of the two will drop the machine to a >> root shell. > >Not sure about this. Perhaps someone else can explain the 'trap' section >of sh(1) more clearly than sh.1 does (see the 'trap' statements at the >start of /etc/rc) > I haven't tried, but you probably could put something like "stty intr '^-'" as one of the first lines in /etc/rc, to disable ^c. Or better yet, you could do the equivalent setctty() in init.c >Danny > > eric. -- erich@lodgenet.com http://rrnet.com/~erich erich@rrnet.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612031535.JAA26706>