From owner-freebsd-questions  Sun Feb  1 14:39:42 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA19886
          for questions-outgoing; Sun, 1 Feb 1998 14:39:42 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from mail-ftp.nordicdms.com (mail-ftp.nordicdms.com [208.1.210.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA19854
          for <freebsd-questions@FreeBSD.ORG>; Sun, 1 Feb 1998 14:39:34 -0800 (PST)
          (envelope-from walton@nordicdms.com)
Received: from mail-ftp (mail-ftp.nordicdms.com [208.1.210.10])
          by mail-ftp.nordicdms.com (Post.Office MTA v3.1 release PO205e
          ID# 0-0U10L2S100) with SMTP id AAA234;
          Sun, 1 Feb 1998 14:39:33 -0800
Comments: Authenticated sender is <walton@mail.nordicdms.com>
From: walton@nordicdms.com (Dave Walton)
Organization: Nordic Entertainment Worldwide
To: "David E. Cross" <dec@phoenix.its.rpi.edu>, freebsd-questions@FreeBSD.ORG
Date: Sun, 1 Feb 1998 14:39:32 -800
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: FreeBSD boot banner (securing FreeBSD)
Reply-to: walton@nordicdms.com
References: <34D4E92B.C0BA0172@tdx.co.uk>
In-reply-to: <Pine.BSF.3.96.980201165642.2916B-100000@phoenix.its.rpi.edu>
X-mailer: Pegasus Mail for Win32 (v2.52)
Message-ID: <19980201223933481.AAA234@mail-ftp.nordicdms.com>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG
X-To-Unsubscribe: mail to majordomo@FreeBSD.org "unsubscribe questions"

On  1 Feb 98 at 16:59, David E. Cross wrote:

> On Sun, 1 Feb 1998, Karl Pielorz wrote:
> 
> > You could always set a BIOS password on the machine, make sure the case is
> > very well secured (back to padlock again) - and disable the machine booting
> > from the Floppy drive - which at least leaves it free for usage once booted?
> > 
> Yes, this is what has already beeen done (BIOS password, with disabled
> floppy drive for booting), but this is uselesss, as The FreeBSD boot-block
> allows you to load the kernel from an arbitrary device (per the /boot.help
> file), a person just need to have the install disk, and the fixit disk,
> when the machinne comes up wait for the FreeBSD boot prompt, place the
> install disk in the drive, enter -fd(0,a)/kernel... and viola, you have
> root on the system without ever cracking a screw on the case.


This really depends on what BIOS you have.  I've seen PCs that have 
two BIOS passwords - one for access to the BIOS settings, and one for 
booting.  If you get a system with such a BIOS (and lock the case), 
they'll need to know the boot password before they can get to the 
FreeBSD boot prompt.  

Dave


----------------------------------------------------------------------
Dave Walton                                                           
Webmaster, Postmaster                   Nordic Entertainment Worldwide
walton@nordicdms.com                          http://www.nordicdms.com
----------------------------------------------------------------------