From: Glen Barber
To: freebsd-arch@FreeBSD.org
Date: Mon, 19 Oct 2015 17:16:41 +0000
Subject: Re: Enabling all available ttys if available console
Message-ID: <20151019171641.GZ15305@FreeBSD.org>
In-Reply-To: <20151019171215.GX15305@FreeBSD.org>

On Mon, Oct 19, 2015 at 05:12:15PM +0000, Glen Barber wrote:
> Hi,
>
> For several months now, I have been contemplating enabling all active
> ttys on the system by 1) changing the defaults from std.9600 to 3wire,
> and 2) setting ttyu{0,1,2,3} from 'off' to 'onifconsole'.
>
> The only drawback to doing this that I can think of is it could open
> a potential attack vector, however this would require physical access to
> the system.
>
> The benefit to doing this is the system would be accessible via ttys
> other than ttyu0 by default, which unless there is someone with local
> access to the system, is painful for administrators to gain console
> access remotely by default.
>
> Are there objections to changing the default, or have I missed something
> larger in this proposed change?
>

I should have also added that the change I propose is the default for
all architectures except amd64, i386, pc98, and mips.  This would
effectively enable the same behavior across all architectures.

Glen
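
The following is an added example, not part of the message above or of FreeBSD itself: a small audit of an /etc/ttys-style file that reports which serial lines (ttyu*) would present a login prompt under the proposed 'onifconsole' default, and whether the ttys(5) 'secure' flag permits root login there. The sample entries and the function name audit_serial_ttys are constructed for illustration.

```python
import shlex

# Constructed sample in ttys(5) layout: name, getty command, type, flags.
SAMPLE_TTYS = '''\
# name  getty                           type    status
ttyv0   "/usr/libexec/getty Pc"         xterm   on  secure
ttyu0   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
ttyu1   "/usr/libexec/getty std.9600"   dialup  off secure
ttyu2   "/usr/libexec/getty 3wire"      vt100   onifconsole insecure
ttyu3   "/usr/libexec/getty 3wire"      vt100   on  secure
'''


def audit_serial_ttys(text, prefix="ttyu"):
    """Return one finding per serial line that can present a login prompt."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # shlex keeps the quoted getty command as one field and drops '#' comments.
        fields = shlex.split(line, comments=True)
        if len(fields) < 3 or not fields[0].startswith(prefix):
            continue
        name, command, _type, *flags = fields
        if "on" in flags:
            state = "always"
        elif "onifconsole" in flags:
            state = "if-console"  # getty runs only when this line is the console
        else:
            continue  # 'off' or no status flag: no getty is started
        findings.append({
            "line": lineno,
            "tty": name,
            "getty": command,
            "state": state,
            "root_login": "secure" in flags,  # 'secure' permits root login here
        })
    return findings


if __name__ == "__main__":
    for f in audit_serial_ttys(SAMPLE_TTYS):
        root = "root login allowed" if f["root_login"] else "root login refused"
        print(f'{f["tty"]}: getty {f["state"]} ({f["getty"]}), {root}')
```

To check a live system, pass the contents of /etc/ttys to audit_serial_ttys instead of the sample.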