From owner-freebsd-questions Tue Apr 4 16:39:47 2000 Delivered-To: freebsd-questions@freebsd.org Received: from postal.linkfast.net (postal.linkfast.net [208.160.105.16]) by hub.freebsd.org (Postfix) with ESMTP id 846D337B8F5 for ; Tue, 4 Apr 2000 16:39:44 -0700 (PDT) (envelope-from grasshacker@linkfast.net) Received: from gh (modem138.linkfast.net [208.160.105.138]) by postal.linkfast.net (Postfix) with SMTP id B23129B0F for ; Tue, 4 Apr 2000 18:39:42 -0500 (CDT) Message-ID: <014701bf9e8f$0da39700$fc69a0d0@linkfast.net.linkfast.net> From: "gh" To: References: <86962.954843435@axl.ops.uunet.co.za> <38E9E3E8.359C0F6@sterling.com> <20000404155359.A71975@relay.ucb.crimea.ua> Subject: Re: Disable boot -s Date: Tue, 4 Apr 2000 18:39:42 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > On Tue, Apr 04, 2000 at 07:45:28AM -0500, Alan Edmonds wrote: > > Sheldon Hearn wrote: > > > > > > On Tue, 04 Apr 2000 12:18:13 GMT, Andrew wrote: > > > > > > > I have FreeBSD mail server in my organisation. It located in room > > > > with no lock, with free access to the PC's monitor for all. This is my > > > > workbench. > > > > > > > > I'm afraid that anyone, who knows about boot -s, may reboot the > > > > machine and makes me cry. > > > > > > Okay, I take back my previous advice. Although what I told you about > > > flagging the console as insecure was sound advice in some circumstances, > > > it's just going to lead you into a false sense of security in this case. > > > > > > Anyone who knows about boot -s probably also knows how to create boot > > > floppies. Getting into your PC won't be very difficult. > > > > > > Removing the floppy drive from your box may help, provided that you have > > > some way of ensuring that nobody opens the box up with a screwdriver or > > > saw. > > > > I'm not sure if it was on this list, but one security conscious person > > would leave the floppy drive installed, but install it facing into > > the case. That way he could remove the system cover if he needed > > access to the floppy and didn't have to carry around an extra floppy > > drive. As I recall, this was in a classroom situation and he wanted > > to prevent students from stealing software and data from the PCs. > > > > I apologize if I got the details wrong and for forgetting who > > originally posted this. > > > Or just set the BIOS to boot from the hard drive first. > Heh, while not forgetting to set a BIOS password. ;-) Dan gh To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message