Bugtraq mailing list archives
Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53)
From: strange () TEZCAT COM (Mike Scher)
Date: Sat, 11 Jul 1998 23:55:54 -0500
On Fri, 10 Jul 1998, Jericho Nunn wrote:
An easy and quick work-around that avoids granting just anybody at the console the ability to "Stop-A" and drop into OBP, is to enable the "security-mode" and "security-password" variables within OBP. Changing the default value of "security-mode" from 'none' to 'full', forces a user who tries to halt the system to authenticate against the password defined in "security-password" before having access to the OBP command line.
Alas, "full" password mode on at least some of the Sun systems I have used will also prompt for the password before completing any legitimate boot, more or less cripping the lab/server in the event of any kind of unattended restart. Such as might well happen in a lab, or on a server after a panic, power out, or other incident. It also does not prevent the Stop-A/Break from freezing the running system. I believe that setting the EEPROM security mode to "command" will prevent anyone from doing much to the system other than to Stop-A/Break halt it and reboot with the default boot params; it will also will allow a halted machine to be continued. It should (at least so the manual pages seem to claim) not allow other commands, and I am pretty sure it will allow an unattended reboot to the default boot device. Seems like this would be the best remedy in a lab environment. Note that none of the modes will prevent the Stop-A/Break halt itself, AFAIK. But now we're talking physical access issues, and all physcially accessible system are subject to the snip hole (power cord? <snip>), and the spray hole (spray water into the box), should the malicious person want to halt it in person. Finally, remote consoling any server or device that treats the console as possessing special privileges should be undertaken with great caution. Cisco owners take note (!). -M Michael Brian Scher (MS683) | Anthropologist, Attorney, Part-Time Guru strange () cultural com | http://www.tezcat.com/~strange/ strange () uchicago edu | strange () tezcat com Give me a compiler and a box to run it, and I can move the mail.
Current thread:
- dslip package, (continued)
- dslip package David Kopstain (Jul 09)
- SLMail 3.0.2421 Stack Overflow... Aleph One (Jul 09)
- Re: SmurfLog 1.0 Solar Designer (Jul 06)
- Re: SmurfLog 1.0 Bug Lord (Jul 10)
- port 0 scanning Lamont Granquist (Jul 08)
- Re: port 0 scanning Lamont Granquist (Jul 09)
- Regarding Mudge's OBP/FORTH root hack (PHRACK53) Jericho Nunn (Jul 10)
- Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) John W. Temples (Jul 11)
- Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Casper Dik (Jul 13)
- Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Gene Spafford (Jul 11)
- Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Mike Scher (Jul 11)
- Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Casper Dik (Jul 13)
- [FWD] Attention: Please update your imapd Raj Singh (Jul 13)
- Re: port 0 scanning Lamont Granquist (Jul 09)
- Re: port 0 scanning Dagmar d'Surreal (Jul 10)