Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 7 Sep 1999 00:40:03 -0500 (CDT)
From:      David Scheidt <dscheidt@tumbolia.com>
To:        KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp>
Cc:        dillon@apollo.backplane.com, gjb-freebsd@gba.oz.au, des@flood.ping.uio.no, bde@zeta.org.au, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject:   Re: Init(8) cannot decrease securelevel 
Message-ID:  <Pine.NEB.3.96.990907003740.85427A-100000@shell-2.enteract.com>
In-Reply-To: <19990907140016E.kato@gneiss.eps.nagoya-u.ac.jp>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 7 Sep 1999, KATO Takenori wrote:

> DDB does not provide enough security.  Though securelevel cannot be
> changed,
> 
> 	(1) Turn off power.
> 	(2) Boot as single-user mode.

Setting the console as insecure should protect against this.  

> or
> 
> 	(1) Turn off power.
> 	(2) Remove HDD.
> 	(3) Mount on another FreeBSD box.
> 	(4) Edit a file in the HDD.
> 	(5) Return HDD.
> 	(6) Reboot.
> 
> is available.

There isn't a whole lot you can do to protect a system against crackers who
have physical access to the system.  Heavily armed guards would help, but I
don't expect to see them as part of the base distribution anytime soon.


David Scheidt



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96.990907003740.85427A-100000>