xhost +localhost
Chris Hodgins
chodgins at cis.strath.ac.uk
Thu Feb 3 15:20:28 PST 2005
epilogue wrote:
> On Thu, 3 Feb 2005 14:43:39 +0100
> Gert Cuykens <gert.cuykens at gmail.com> wrote:
>
>
>>On Thu, 3 Feb 2005 00:32:23 -0800, Ted Mittelstaedt
>><tedm at toybox.placo.com> wrote:
>
>
>>>While all of this is very interesting academic, if user Gert is dumb
>>>enough to leave the console of his UNIX system accessible then user
>>>Ted can come along and power cycle it into single user mode and wipe
>>>his disks whether he has the root password or not.
>
>
> While i quite agree with Ted's encouraging Gert to run X as joe user,
> rather than root (for a variety of security related reasons) it is a
> trivial matter implement a password requirement for boot -s. This way,
> even if a user can boot -s, they *must* have the root passwd.
>
> This implementation does mean, however, that you should not forget the
> root passwd, for if you do forget, you will not be able to reset it
> via boot -s and passwd.
>
> /etc/ttys
>
> # If console is marked "insecure", then init will ask for the root
> # password when going to single-user mode.
>
> console none unknown off insecure
>
> my 2 cents CAD for the day.
>
>
> cheers,
> epi
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
If you have local access to a machine, you can easily get
access...password or not.
Chris
More information about the freebsd-questions
mailing list