RE: funny customers

From: Keith Baldwin (keith_at_southo.net)
Date: 09/22/04

    To: <freebsd-isp@freebsd.org>
    Date: Wed, 22 Sep 2004 08:23:19 -0700
    
    

    Didn't see it posted yet so here.

    From http://www.daemonnews.org/200108/security-howto.html in the Local
    Security section:

    "Let's begin with /etc/ttys. Open it up in your favorite editor and find the
    console line:

    console none unknown off secure

    Change "secure" to "insecure", so the user is asked for the root password
    when going to single user mode. Be warned this will also make recovering
    lost root passwords more difficult, but it will prevent someone from gaining
    root access to your machine locally provided they do not have a boot disk."

    Regards,
    Keith

    -----Original Message-----
    From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org]
    On Behalf Of Per Engelbrecht
    Sent: Wednesday, September 22, 2004 7:49 AM
    To: freebsd-isp@freebsd.org
    Subject: Re: funny customers

    Hi Dennis

    >
    > On Wed, Sep 22, 2004 at 11:45:13AM +0200, Per Engelbrecht wrote:
    >> But right now I need a way to bypass (I don't think it's possible)
    >> the single_user mode root login feature.
    >
    > Just an idea (as it doesn't work ;) ...
    >
    > A trick known from linux is to boot the kernel with /bin/sh instead
    > of /sbin/init. You'd do "set init_path=/bin/sh" for that in the
    > loader. This would bypass the usual startup and thus you won't be
    > asked for the password.
    >
    > However, I just tried this and it doesn't work. The sh immediately
    > exits and consequently the kernel panics. Don't know what's the
    > problem there...

    Hmm .. I'm not sure why, but in FreeBSD both csh (default root
    shell ... *&#@$!) and sh are linked static and tampering with these
    from the boot-process through /sbin/init (which is the last part of
    the boot-process anyway) is something I wouldn't do.
    Creative thinking though :)
    Thank you Dennis.

    respectfully
    /per
    per@xterm.dk

    >
    > - D.

    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
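
An added example, not part of this thread or of the quoted howto: a small audit of the console entry in a ttys(5) file, reporting whether single-user mode will ask for the root password. The function name `check_console_ttys` is hypothetical, the sample input is constructed, and the field layout (name, getty command, type, flags) is assumed from ttys(5).

```shell
#!/bin/sh
# Audit the "console" entry of a ttys(5) file.
# Return status:
#   0 = console is marked "insecure" (root password asked in single-user mode)
#   1 = console is marked "secure"   (single-user shell opens without a password)
#   2 = no console entry, or the entry carries neither flag
check_console_ttys() {
    awk '
        {
            sub(/#.*/, "")               # drop trailing comments
            gsub(/"[^"]*"/, "QUOTED")    # a quoted getty command counts as one field
        }
        $1 == "console" {
            found = 1
            for (i = 4; i <= NF; i++) {  # flags begin at the fourth field
                if ($i == "insecure")    state = "insecure"
                else if ($i == "secure") state = "secure"
            }
        }
        END {
            if (!found || state == "") exit 2
            print "console is marked " state
            exit (state == "insecure" ? 0 : 1)
        }
    ' "$1"
}

# Demo on a constructed sample holding the stock console line quoted above.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'console none unknown off secure' > "$sample"
check_console_ttys "$sample" || echo "status $?: see the return status table above"
rm -f "$sample"
```

On a real system, pass `/etc/ttys` as the argument.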


