Bugtraq mailing list archives
Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53)
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Mon, 13 Jul 1998 21:58:43 +0200
On Fri, 10 Jul 1998, Jericho Nunn wrote:An easy and quick work-around that avoids granting just anybody at the console the ability to "Stop-A" and drop into OBP, is to enable the "security-mode" and "security-password" variables within OBP. Changing the default value of "security-mode" from 'none' to 'full', forces a user who tries to halt the system to authenticate against the password defined in "security-password" before having access to the OBP command line.On some (older?) OBP versions, you can reset the NVRAM to default values (hence disabling the password) by pressing Stop-N.
That doesn't work. (Well, maybe on really old Rev 1.0 PROMS). L1-N only works if the PROM isn't in secure mode. While the Forth in the Openboot PROM make it a bt easier (and I'm sure I've seen code snippets to set your creds years ago), the older Sun 3 and pre openboot Sun roms have similar functionality but with arcane syntax. And, you can boot in kadb; and have even more support to walk around in the kernel. Then there's kadb work-a-like in Forth that we use at Sun.
And of course, a truly dedicated attacker simply has to open the box up and drop in his own NVRAM chip which has no password.
There's no security with physical access. Modge article serves to highlight what everbody should have realized a long time ago; with password protection on the boot firmware, cracking root is easy. Casper
Current thread:
- Re: Linux kernel filesystem oddities, (continued)
- Re: Linux kernel filesystem oddities Pavel Kankovsky (Jul 08)
- Re: Linux kernel filesystem oddities Jeffrey Hutzelman (Jul 09)
- dslip package David Kopstain (Jul 09)
- SLMail 3.0.2421 Stack Overflow... Aleph One (Jul 09)
- Re: SmurfLog 1.0 Solar Designer (Jul 06)
- Re: SmurfLog 1.0 Bug Lord (Jul 10)
- port 0 scanning Lamont Granquist (Jul 08)
- Re: port 0 scanning Lamont Granquist (Jul 09)
- Regarding Mudge's OBP/FORTH root hack (PHRACK53) Jericho Nunn (Jul 10)
- Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) John W. Temples (Jul 11)
- Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Casper Dik (Jul 13)
- Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Gene Spafford (Jul 11)
- Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Mike Scher (Jul 11)
- Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Casper Dik (Jul 13)
- [FWD] Attention: Please update your imapd Raj Singh (Jul 13)
- Re: port 0 scanning Lamont Granquist (Jul 09)
- Re: port 0 scanning Dagmar d'Surreal (Jul 10)