From owner-freebsd-security Mon May 14 12:43:55 2001 Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id E824337B424 for ; Mon, 14 May 2001 12:43:52 -0700 (PDT) (envelope-from bright@fw.wintelcom.net) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id f4EJhRC02201; Mon, 14 May 2001 12:43:27 -0700 (PDT) Date: Mon, 14 May 2001 12:43:27 -0700 From: Alfred Perlstein To: Erik Trulsson Cc: "'freebsd-security@freebsd.org'" Subject: Re: nfs mounts / su / yp Message-ID: <20010514124326.C2009@fw.wintelcom.net> References: <20010514200927.A32697@student.uu.se> <20010514204259.A33451@student.uu.se> <3B00295D.24643CD7@centtech.com> <3B002E2B.1337F4C9@lmc.ericsson.se> <20010514122650.T18676@fw.wintelcom.net> <20010514213854.A34209@student.uu.se> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010514213854.A34209@student.uu.se>; from ertr1013@student.uu.se on Mon, May 14, 2001 at 09:38:54PM +0200 X-all-your-base: are belong to us. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Erik Trulsson [010514 12:39] wrote: > On Mon, May 14, 2001 at 12:26:50PM -0700, Alfred Perlstein wrote: > > > > FreeBSD has securelevels, while not ideal, if implemented properly > > they can limit what root can do. > > Yes, but if users have physical access to the machine they can always reboot > into single user mode. In that case securelevels don't help. > > It is very difficult to secure a machine completely if users have physical > access to it. My apologies, I didn't realize you were talking about physical access. -- -Alfred Perlstein - [alfred@freebsd.org] http://www.egr.unlv.edu/~slumos/on-netbsd.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message