>On Fri, 10 Jul 1998, Jericho Nunn wrote: > >> An easy and quick work-around that avoids granting just anybody at >> the console the ability to "Stop-A" and drop into OBP, is to enable the >> "security-mode" and "security-password" variables within OBP. Changing >> the default value of "security-mode" from 'none' to 'full', forces a >> user who tries to halt the system to authenticate against the password >> defined in "security-password" before having access to the OBP command >> line. > >On some (older?) OBP versions, you can reset the NVRAM to default >values (hence disabling the password) by pressing Stop-N. That doesn't work. (Well, maybe on really old Rev 1.0 PROMS). L1-N only works if the PROM isn't in secure mode. While the Forth in the Openboot PROM make it a bt easier (and I'm sure I've seen code snippets to set your creds years ago), the older Sun 3 and pre openboot Sun roms have similar functionality but with arcane syntax. And, you can boot in kadb; and have even more support to walk around in the kernel. Then there's kadb work-a-like in Forth that we use at Sun. >And of course, a truly dedicated attacker simply has to open the box up >and drop in his own NVRAM chip which has no password. There's no security with physical access. Modge article serves to highlight what everbody should have realized a long time ago; with password protection on the boot firmware, cracking root is easy. Casper
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:04:07 PDT