home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.sys.sgi
- Path: sparky!uunet!zaphod.mps.ohio-state.edu!mips!odin!fido!zola!zuni!anchor!olson
- From: olson@anchor.esd.sgi.com (Dave Olson)
- Subject: Re: indigo security
- Message-ID: <nm6lcvg@zuni.esd.sgi.com>
- Sender: news@zuni.esd.sgi.com (Net News)
- Organization: Silicon Graphics, Inc. Mountain View, CA
- References: <1992Jul23.171949.5812@math.waterloo.edu> <1992Jul23.185607.22177@math.waterloo.edu>
- Date: Fri, 24 Jul 92 02:45:44 GMT
- Lines: 30
-
- In <1992Jul23.185607.22177@math.waterloo.edu> rblander@math.waterloo.edu (Robyn Landers) writes:
-
- | In article <1992Jul23.171949.5812@math.waterloo.edu> rblander@math.waterloo.edu (Robyn Landers) writes:
- | > [...]
- | >This means that the Indigos have to be in the same room
- | >as the monitors, leaving them vulnerable to malicious students.
- | > [...]
- ...
- | Aackk, of course there *is* a passwd command at the PROM
- | monitor prompt which restricts access to the other 4 actions
- | at the system maintenance level. Okay, so I was blind when
- | I looked at the result of >> help
- |
- | However it does appear to be undocumented in the Site Admin Guide
- | chapter on PROM monitor, and of course I'll welcome any other
- | suggestions on security in this situation. (We're going to put
- | an alarm cable on the metal bar that extends through the box,
- | so the front panel can't be opened exposing the reset button.)
-
- See 'man prom nvram'. Note that the bar and lock won't deter any
- body who is really malicious, but it is a pretty good compromise.
-
- Also be aware that the PROM password is useless if physical access
- to the backplane is available, or if there is an open root account,
- or if they can swap disks (if bootmode == c, since somebody can just
- swap disks, become root, and clear the password).
- --
- Let no one tell me that silence gives consent, | Dave Olson
- because whoever is silent dissents. | Silicon Graphics, Inc.
- Maria Isabel Barreno | olson@sgi.com
-
