On 8/27/05, Todd C. Miller <[EMAIL PROTECTED]> wrote: > > In message <[EMAIL PROTECTED]> > so spake JSD (sri): > > > I have a big root access problem. If someone has physical > > access to my OpenBSD box, than he/she can swith into single > > user mode (-s) and can change the password of root. It is a > > big problem for me and I would like to password protect this > > single user mode or to totally disable this function but I > > don't know how. > > Is anyone here who solved this problem? Please help, thanks! > > Just remove the "secure" qualifier from the console line in > /etc/ttys. E.g. > > Instead of: > console "/usr/libexec/getty Pc" vt220 off secure > > Use: > console "/usr/libexec/getty Pc" vt220 off > > - todd > > Also, a BIOS password can be easily removed if one has physical access to the box. The small CMOS battery can be popped out, and put back in (on the motherboard), erasing your password.
-b14ck
