[nycbug-talk] A couple of security related questions

Isaac Levy ike
Mon Oct 4 16:48:17 EDT 2004


Word Louis,

On Oct 4, 2004, at 3:45 PM, Louis Bertrand wrote:

>> I have also somewhat implemented this sort of policy once on a FreeBSD
>> server, with ok success.  (by making the root shell /sbin/nologin )
>>
> That's pretty ballsy. What happens if you have to boot into single 
> user mode?
> (BTW I agree, sudo rocks on Darwin/OS X)
>
> Ciao
>  --Louis  <louis at bertrandtech dot ca>

Heh- wow.  Darned good question.

To be honest, that's something I didn't think about at all- 
interesting.  I guess I'd employ the strategy I've grown up on from 
the Mac world, where booting from CD and fixing a system is the common 
way of doing things.

I actually just made a nice FreeBSD repair kit, straight out of Dru's 
BSD Hacks book (Hack #71), which could be used to boot a server and 
deal with the sort of problem which would require a single-user boot.

But, delightfully, the FreeBSD server in question hasn't gone down 
since I set it up, (it's a very simple and specific-use system), so I 
guess reliability can become a pitfall <g>.  (Oh, the problems we have 
in BSD-land, where systems are TOO reliable!)

Rocket-
.ike




