[nycbug-talk] A couple of security related questions
Mon Oct 4 16:48:17 EDT 2004
On Oct 4, 2004, at 3:45 PM, Louis Bertrand wrote:
>> I have also somewhat implemented this sort of policy once on a FreeBSD
>> server, with OK success (by making the root shell /sbin/nologin).
> That's pretty ballsy. What happens if you have to boot into single
> user mode?
> (BTW I agree, sudo rocks on Darwin/OS X)
> --Louis <louis at bertrandtech dot ca>
Heh- wow. Darned good question.
To be honest, that's something I didn't think about at all-
interesting. I guess I'd employ the strategy I've grown up on from
the Mac world, where booting from CD and fixing a system is the common
way of doing things.
I actually just made a nice FreeBSD repair kit, straight out of Dru's
BSD Hacks book (Hack #71), which could be used to boot a server and
deal with the sort of problem which would require a single-user boot.
But, delightfully, the FreeBSD server in question hasn't gone down
since I set it up (it's a very simple and specific-use system), so I
guess reliability can become a pitfall <g>. (Oh, the problems we have
in BSD-land, where systems are TOO reliable!)