Date: Wed, 6 Jan 1999 21:09:06 -0500 (EST) From: Brian Feldman <green@unixhelp.org> To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, Tom Bartol <bartol@salk.edu>, current@FreeBSD.ORG Subject: Re: New boot blocks for serial console ... Message-ID: <Pine.BSF.4.05.9901062105340.27158-100000@janus.syracuse.net> In-Reply-To: <38416.915473396@zippy.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 4 Jan 1999, Jordan K. Hubbard wrote: > > What we're trying to achieve is an environment where the worst thing > > someone could do is cause the machine to reboot. > > Then lock the machine in a room. You're not going to get anywhere > close to that by changing the boot blocks and flagging it as an issue > in this case is simply waving a red herring. It might be nice to have a root-password-required feature for booting single user, as I believe OpenBSD has, and maybe a "trusted kernel" path... With this, disabling booting from other media, and passwording the BIOS, it would be impossible to crack the machine without having to open the case. This would usually keep a machine in open view secure, as people would NOT be expecting someone to open up the case in <insert location here>. Then again, a case won't necessarily be a deterrent anyway, but these things could help. > > - Jordan Brian Feldman _ __ ___ ___ ___ green@unixhelp.org _ __ ___ | _ ) __| \ http://www.freebsd.org/ _ __ ___ ____ | _ \__ \ |) | FreeBSD: The Power to Serve! _ __ ___ ____ _____ |___/___/___/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9901062105340.27158-100000>