From: Olaf Hopp (Olaf.Hopp@atis.uka.de)
Date: Fri Mar 03 2006 - 07:26:55 EST
Olaf Hopp wrote:
> Dear Collegues,
>
> is anybody running the new Opteron Workstations Ultra20 in an open
> classroom ? You can lock down the access to the BIOS via a BIOS password.
> But when the system boots it still allows you to press <F8>-Key and
> select a boot device - and (that's the problem) it allows you
> to boot from that device WITHOUT entering the BIOS password.
> This is even true when you disable booting from CD/DVD within
> the BIOS.
> So pressing F8 lets you always boot from any device without password.
> And this makes it impossilble for me to put them into an open classroom,
> where any student can reach control over the maschine with a stupid
> KNOPPIX-CD.
>
> Did I overlooked something in the BIOS ?
> I can't believe that SUN delivers a maschine with such a security hole.
>
> Hardware: SUN Ultra20
> BIOS-Version: 2.1.7 (seems to be the latest one)
Sorry, not a lot of responses:
Somebody (from SUN) mentioned to disable CD-booting within the
BIOS. But this does not help: my BIOS says boot from network only.
But when pressing the F8 key you can pick any boot device :-(
Somebody mentioned not to worry about it and to "educate" those
students. Well I wish I had his students. Since those are
students in computer science the know how to hack and to hide it
from me. If there is a hole, they will find it.
And there was a "me too":
the W1100z seems to have the same bug, sorry feature.
Hello SUN - wake up! The good old OBP-OK-Prompt on SPARC asks
for a password when I type "boot cdrom" at the OK prompt.
Thanks,
Olaf
-- ============================================================================== __0 _-\<,_ Dipl.-Geophys. Olaf Hopp (_)/ (_) ATIS - Abteilung Technische Infrastruktur University of Karlsruhe EMail: Olaf.Hopp@atis.uka.de Faculty of Computer Science WWW : http://www.atis.uka.de Building 50.34 Room-No. 009 Am Fasanengarten 5 Fon : +49 (721) 608-3973 D-76131 Karlsruhe / Germany Fax : +49 (721) 608-6699 ============================================================================== [demime 1.01b removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:39:11 EDT