Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!mailrus!cornell!uw-beaver!rice!sun-spots-request
From: haahr%bogey@princeton.edu (Paul Gluckauf Haahr)
Newsgroups: comp.sys.sun
Subject: Re: (lack of) security of client workstations
Keywords: SunOS
Message-ID: <8905111150.AA04900@ken.Princeton.EDU>
Date: 11 May 89 11:50:40 GMT
Sender: usenet@rice.edu
Organization: Princeton University, Princeton NJ
Lines: 22
Approved: Sun-Spots@rice.edu
X-Sun-Spots-Digest: Volume 7, Issue 295, message 1 of 12

Karl Kleinpaste writes:
> > All the software security features in the world won't stop me from
> > hitting L1-A and twiddling memory from the PROM monitor. 

rbj@dsys.icst.nbs.gov writes:
> Who says your abort sequence has to be L1-A? Read man 5 kbd. I haven't
> tried it, but TFM indicates that the two key sequence can be changed.  It
> would take an awful lot of pounding to discover the new sequence.

by the same token, what's to stop someone from opening up /dev/kbd and
setting the sequence back to l1-a?  and chmod 600 /dev/kbd is a bad idea
because suntools, x, etc, would have to be made suid.

what is needed is some way to disable the continue command.

does anybody remember when you needed a skate key to get into console mode
on a pdp-11 or vax?  as i remember, all the keys were the same, but it was
some protection.

-- 
paul haahr
princeton!haahr   haahr@princeton.edu   haahr@pucc.bitnet