SUMMARY: Sun ULTRA 20 and BIOS password security hole

From: Olaf Hopp (Olaf.Hopp@atis.uka.de)
Date: Fri Mar 03 2006 - 07:26:55 EST


Olaf Hopp wrote:
> Dear Colleagues,
>
> is anybody running the new Opteron Workstations Ultra20 in an open
> classroom? You can lock down the access to the BIOS via a BIOS password.
> But when the system boots it still allows you to press <F8>-Key and
> select a boot device - and (that's the problem) it allows you
> to boot from that device WITHOUT entering the BIOS password.
> This is even true when you disable booting from CD/DVD within
> the BIOS.
> So pressing F8 lets you always boot from any device without password.
> And this makes it impossible for me to put them into an open classroom,
> where any student can gain control over the machine with a stupid
> KNOPPIX-CD.
>
> Did I overlook something in the BIOS?
> I can't believe that SUN delivers a machine with such a security hole.
>
> Hardware: SUN Ultra20
> BIOS-Version: 2.1.7 (seems to be the latest one)

Sorry, not a lot of responses:

Somebody (from SUN) mentioned to disable CD-booting within the
BIOS. But this does not help: my BIOS says boot from network only.
But when pressing the F8 key you can pick any boot device :-(

Somebody mentioned not to worry about it and to "educate" those
students. Well I wish I had his students. Since those are
students in computer science they know how to hack and to hide it
from me. If there is a hole, they will find it.

And there was a "me too":
the W1100z seems to have the same bug, sorry feature.

Hello SUN - wake up! The good old OBP-OK-Prompt on SPARC asks
for a password when I type "boot cdrom" at the OK prompt.

Thanks,
Olaf

-- 
==============================================================================
      __0
    _-\<,_     Dipl.-Geophys. Olaf Hopp
   (_)/ (_)    ATIS - Abteilung Technische Infrastruktur
University of Karlsruhe          EMail: Olaf.Hopp@atis.uka.de
Faculty of Computer Science      WWW  : http://www.atis.uka.de
Building 50.34 Room-No. 009
Am Fasanengarten 5               Fon  : +49 (721) 608-3973
D-76131 Karlsruhe / Germany      Fax  : +49 (721) 608-6699
==============================================================================
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers


This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:39:11 EDT