Bugtraq mailing list archives

Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53)


From: strange () TEZCAT COM (Mike Scher)
Date: Sat, 11 Jul 1998 23:55:54 -0500


On Fri, 10 Jul 1998, Jericho Nunn wrote:
    An easy and quick work-around that avoids granting just anybody at
the console the ability to "Stop-A" and drop into OBP, is to enable the
"security-mode" and "security-password" variables within OBP.  Changing
the default value of "security-mode" from 'none' to 'full', forces a
user who tries to halt the system to authenticate against the password
defined in "security-password" before having access to the OBP command
line.

Alas, "full" password mode on at least some of the Sun systems I have used
will also prompt for the password before completing any legitimate boot,
more or less crippling the lab/server in the event of any kind of
unattended restart.  Such as might well happen in a lab, or on a server
after a panic, power out, or other incident.  It also does not prevent the
Stop-A/Break from freezing the running system.

I believe that setting the EEPROM security mode to "command" will prevent
anyone from doing much to the system other than to Stop-A/Break halt it
and reboot with the default boot params; it will also allow a halted
machine to be continued.  It should (at least so the manual pages seem to
claim) not allow other commands, and I am pretty sure it will allow an
unattended reboot to the default boot device.  Seems like this would be
the best remedy in a lab environment.

Note that none of the modes will prevent the Stop-A/Break halt itself,
AFAIK.  But now we're talking physical access issues, and all physically
accessible systems are subject to the snip hole (power cord?  <snip>), and
the spray hole (spray water into the box), should the malicious person
want to halt it in person.

Finally, remote consoling any server or device that treats the console as
possessing special privileges should be undertaken with great caution.
Cisco owners take note (!).

      -M

Michael Brian Scher   (MS683)  | Anthropologist, Attorney, Part-Time Guru
     strange () cultural com      |     http://www.tezcat.com/~strange/
     strange () uchicago edu      |           strange () tezcat com
   Give me a compiler and a box to run it, and I can move the mail.


