Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!utgpu!water!watmath!clyde!rutgers!husc6!linus!raybed2!cvbnet!gdelong From: gdelong@cvbnet.UUCP Newsgroups: comp.unix.questions Subject: Re: Security on Suns (was: Async terminal as console on a Sun) Message-ID: <177@cvbnet.UUCP> Date: Tue, 1-Sep-87 11:24:17 EDT Article-I.D.: cvbnet.177 Posted: Tue Sep 1 11:24:17 1987 Date-Received: Fri, 4-Sep-87 00:45:54 EDT References: <306@pvab.UUCP> <26419@sun.uucp> <4341@elroy.Jpl.Nasa.Gov> <4946@columbia.edu> Organization: Computervision, Bedford MA Lines: 36 In article <4946@columbia.edu>, dupuy@amsterdam.columbia.edu (Alexander Dupuy) writes: > In article <4341@elroy.Jpl.Nasa.Gov> (David Robinson) writes: > >This brings up a problem that exists with Suns that I have. The Suns > >are inherently insecure because anyone using a 3/50 can just > >power off the machine and reboot it in single user mode and become > >root. > > > [he suggests a hardware switch, like the lock on PC/ATs to remedy this] >[he suggests a copule of scripts to run in single user mode] I would first like to point out that if you provide someone who knows the system (hardware & software) acces to your system console on almost any system, he owns your system. There is a very easy way to keep the average to above average person from playing with your sun system in single user mode. As David mentioned, when you boot the sun with the -s option, root will me up in /bin/sh. Edit your /.profile and place the following command as the first line: login root This will require the user to know the root password on your system to bring it up in single user mode. Yes, this 'can' be defeated, but its takes a well above average user to do it. But, as I mentioned above, if you give them access to the system console, they own your system. -- _____ / \ / All spelling errors | Gary A. Delong, N1BIP | \ / intentional for testing | linus!raybed2!cvbnet!gdelong \____\/ rn spellcorrector v1.02A. | (617) 275-1800 x5232