Date: Tue, 11 Dec 2001 10:51:37 -0500 (EST)
From: Robert Watson
To: Paul Richards
Cc: Wilko Bulte, John Baldwin, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, mini@haikugeek.com, Alfred Perlstein, Mike Silbersack, Mike Barcroft
Subject: Re: cvs commit: src/sys/boot/i386/loader version src/share/examp

On Tue, 11 Dec 2001, Paul Richards wrote:

> > Consoles and/or systems not kept under lock and key (physically I mean)
> > are doomed anyway. Clear the CMOS password (if set in the first place) and
> > then boot from CD or floppy. Off you go..
>
> A box where the BIOS is passwd protected, and has been set to only allow
> booting from the hard disk and where FreeBSD is configured to have a
> secure console is pretty secure from a casual attack. You'd have to open
> up the box and clear the CMOS and that sort of activity would be
> difficult in most situations and certainly something that would be
> noticed (we're not talking about sneaking into the server room late at
> night here, we're talking about office/classroom/lab environments where
> the admin is trying to protect the desktop systems from abuse).
>
> The loader change means that all that's necessary now is to power cycle
> the box and stop in the boot loader and clear the root passwd. That's
> something that can be done while sitting quite innocuously at the
> console and not drawing any attention to oneself.

One thing that might actually help, BTW, is if we had a "kiosk" section in
the handbook, or in the FAQ. Document stuff like disabling
ctrl-alt-delete, preventing the loader from listening to the human,
locking the CPU in a box somewhere, ... There is, I think, a need to
support that type of environment, but it's definitely not the standard
server environment :-). Documenting these requirements and procedures
would make it easier for developers not working in that environment to
understand its limitations, and adapt their work to survive that
environment better.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services
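The settings named in the message (ctrl-alt-delete, the loader listening to the console) and the secure console from the quoted text, written as an audit script. This is an added example, not part of the original message: the setting names (`insecure` in /etc/ttys, `autoboot_delay="-1"` in loader.conf, `hw.syscons.kbd_reboot` / `kern.vt.kbd_reboot`) are assumptions taken from current FreeBSD rather than from this thread, and the sample files are constructed.

```python
# Added example: audit FreeBSD console/boot settings for a kiosk-style desktop.
# Setting names are assumptions from current FreeBSD; sample files are constructed.

SAMPLE_TTYS = (
    "# name  getty  type  status  comments\n"
    "console none   unknown off secure\n"
    'ttyv0   "/usr/libexec/getty Pc" xterm on secure\n'
)
SAMPLE_LOADER_CONF = 'autoboot_delay="3"   # countdown a user can interrupt\n'
SAMPLE_SYSCTL_CONF = "# no keyboard-reboot setting present\n"


def parse_kv(text):
    """Parse name=value lines (loader.conf / sysctl.conf style), dropping comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings


def console_is_insecure(ttys_text):
    """True if the 'console' entry in ttys carries the 'insecure' flag, which
    makes init ask for the root password before a single-user shell."""
    for line in ttys_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == "console":
            return "insecure" in fields[1:]
    return False


def audit(ttys_text, loader_conf, sysctl_conf):
    """Return a list of findings; an empty list means all three checks passed."""
    loader, sysctl = parse_kv(loader_conf), parse_kv(sysctl_conf)
    findings = []
    if not console_is_insecure(ttys_text):
        findings.append("ttys: console not 'insecure'; single-user boot gives a root shell")
    if loader.get("autoboot_delay") != "-1":
        findings.append("loader.conf: autoboot_delay is not -1; the loader can be interrupted")
    # syscons(4) and vt(4) each have their own knob; either one set to 0 counts.
    if "0" not in (sysctl.get("hw.syscons.kbd_reboot"), sysctl.get("kern.vt.kbd_reboot")):
        findings.append("sysctl.conf: ctrl-alt-delete reboot is not disabled")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_TTYS, SAMPLE_LOADER_CONF, SAMPLE_SYSCTL_CONF):
        print(finding)
```

On a real host the three inputs would be the contents of /etc/ttys, /boot/loader.conf and /etc/sysctl.conf; physical measures such as the BIOS password and locking the machine away are outside what a script can check.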