Very Computer

They recognise that public workstations are just another kind of PC, and
that security has to be network based, and end to end.  Run Kerberos,
avoid NFS, and dream of the day when Plan 9 rules the earth.

Quote:}Also, I have a related question.  I chose security-mode of command
}rather than full because we still want to allow people to be able to
}re-boot a workstation that has been left unattended with a screen lock
}program running.  It seems some of our students are not above leaving a
}workstation locked while they go off to classes or whatever and this
}denies access to the workstation to others.  We were advising people to
}sync the system to re-boot to reduce the chance of corrupting the
}filesystems (the workstations have /, /usr and swap on the local disk.)
}With command security-mode it seems they can no longer issue sync as
}that appears to be in the restricted command set.  What do other people
}do to address problems such as these?  Do you set security-mode to full
}and require people to power cycle the machine to re-boot?  Are there
}other implications of the different security-mode settings that I may
}not be aware of?

In our student labs this means: no rebooting by students, only by
staff.

Casper

Your response could be to limit access to /vmunix and /dev/*mem*,
The command constructed use addresses found inside kernel.

--
Israel Yedidya,                 |       Phone:  +972-3-531-8953/682/407/408
System Administrator,           |       Fax:    +972-3-535-3325

In practise this is trickier, but in theory you should be able to derive the
proc structure pointer without ever needing to leave the PROM.

This implies simply blocking access to /vmunix and /dev/*mem* is not a valid
solution.

The command security in the PROM fixes these problems. However the prom
password can sometimes be erased or simply bipassed so don't assume this makes
things 100% secure.

        James
--

Medical Research Council - Laboratory of Molecular Biology,
Hills Road, Cambridge, CB2 2QH, England.

                        Dave

My response was to enable command security-mode on all the workstations
in two labs of SUN workstations.  This seems to have solved the exposure
problem.

I am posting this in case other people are as naive as I was in leaving
access to the eeprom commands on machines in a public access lab.

Also, I have a related question.  I chose security-mode of command
rather than full because we still want to allow people to be able to
re-boot a workstation that has been left unattended with a screen lock
program running.  It seems some of our students are not above leaving a
workstation locked while they go off to classes or whatever and this
denies access to the workstation to others.  We were advising people to
sync the system to re-boot to reduce the chance of corrupting the
filesystems (the workstations have /, /usr and swap on the local disk.)
With command security-mode it seems they can no longer issue sync as
that appears to be in the restricted command set.  What do other people
do to address problems such as these?  Do you set security-mode to full
and require people to power cycle the machine to re-boot?  Are there
other implications of the different security-mode settings that I may
not be aware of?
--

Computing Services  UofNB  Box 4400  (506) 453-3590 (FAX)  
Fredericton, NB,  CANADA,  E3B 5A3   .......__/\o_.......  

chris...
--

"Address: FB Informatik - Bau 57 / Universitaet KL / D--67653 Kaiserslautern"
"World-wide web: http://uomo.informatik.uni-kl.de:2080/Personalia/cml.html"

Quote:>I am completely disgusted by the fact that the PROM password
>is stored in its cleartext form; a simple ``strings /dev/eeprom''
>lets anyone who has the proper permission read it.  Yuck.
>I guess building crypt() into the ROM was a bit much to ask,
>but still.  I think it's time for me to ``chmod 600 /dev/eeprom''
>so only root can get at it.

                                Dave

Quote:>Power-cycling a machine in security-mode=full will not make it reboot.
>It hangs there waiting for you to type a password. (W/ a sufficiently
>new eeprom).

OTOH, I seem to recall some option about copying the monitor code to
RAM and running it from there; if that's the case, it may be possible
to patch it to allow you to sync w/o a password from
security-mode=command...

--
John Hawkinson

Tech solutions aren't necessarily best.

b&

--

 net.proselytizing (write for info): Protect your privacy; oppose Clipper.
 Voice concern over proposed Internet pricing schemes. Stamp out spamming.

:     Well they have to become gid kmem ( Which is easy on SunOS )

Does it exist any EASY way to prevent a user from becoming gid kmem?
Or gid anything? It seems like group id's are of no value if users can
become what they want easily. (or does this only apply to kmem?)

                                        Karl

--
Karl-Gunnar Hultland         If two persons agree on everything then

Quote:>program running.  It seems some of our students are not above leaving a
>workstation locked while they go off to classes or whatever and this
>denies access to the workstation to others.

                                                                Rune