*BSD News Article 95805


Return to BSD News archive

Newsgroups: comp.unix.bsd.freebsd.misc
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!rill.news.pipex.net!pipex!oleane!jussieu.fr!fdn.fr!r2d2.fdn.org!sphynx.fdn.fr!causse
From: causse@sphynx.fdn.fr (Philippe Causse)
Subject: Re: Password issues
X-Newsreader: TIN [version 1.2 PL2]
Organization: individual - paris - france
Message-ID: <EAHtBs.pK@sphynx.fdn.fr>
References: <337e914c.418331@news.ibm.net.il> <5lplob$kol@ui-gate.utell.co.uk>
Date: Tue, 20 May 1997 18:43:04 GMT
Lines: 52
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:41294

Brian Somers (brian@shift.utell.net) wrote:
: In article <EAEAsA.1G3@sphynx.fdn.fr>,
: 	causse@sphynx.fdn.fr (Philippe Causse) writes:
: > Enoch Wexler (enoch@wexler.spamthis.co.il) wrote:
: >: On Sun, 18 May 1997 05:32:31 GMT, Enoch wrote:
: > 
: >: >I upgraded a 2.1.5 sys to 2.2.2 but forgot to choose a root password.
: >: >What is the default password of the new 2.2.2 sys?
: > 
: >: Found the answer to the above shortly after posting. Pressed the ^C
: >: during bootup. The system entered single user (root) mode. Mounted the
: >: main disk. Used 'passwd' to set the root's password...
: > 
: >: So every passerby can do the same...<shiver>
: > 
: > Except if your console has been flagged as insecure !
: > See "man 5 ttys" for more information :-)

: In which case they can either boot off a floppy or pick the machine
: up and walk away with it.  Physical access makes you God !  You don't
: need passwords :)

Most decent PC/AT clones have a BIOS setup which allows you to boot from
drive "C:" before drive "A:".  Furthermore, the setup can be password
protected (even the boot sequence can be password protected).
Therefore, and admitting that:
	1) You boot from C: before A:,
	2) You changed the boot code disable the fd(0,a) entry,
	3) FreeBSD is _the_ only O.S. on the system
	4) Your computer box has been secured (with a locker)
The system should be reasonably secured :-)  Bad times for crackers!

I don't know if Brian will agree but I'll be pretty confident in
such a system!

: > BTW, same behaviour on Sun systems... (and same cure as well ;-] )
: > 
: >: Enoch.
One more little word about security on Sparcs: if you remove the tod-clock
(time-of-day, chip labelled "TO-48") and write zeros at a specific address
with a Data-I/O programmer, the console passord isn't checked anymore
at boot-time !  Then go for a "STOP-A" and "boot -s" 8-)
Unfortunately I don't remember the address anymore...

: -- 
: Brian <brian@awfulhak.org> <brian@freebsd.org>
:       <http://www.awfulhak.org>
: Don't _EVER_ lose your sense of humour !
-- 
-------------------------------------------------------------------
P. Causse			http://www.fdn.fr/~pcausse
4.4BSD/X11R6/Motif-2.0/C++	mailto:causse@sphynx.fdn.fr (UUCP)