Olaf Hopp wrote: > Dear Collegues, > > is anybody running the new Opteron Workstations Ultra20 in an open > classroom ? You can lock down the access to the BIOS via a BIOS password. > But when the system boots it still allows you to press <F8>-Key and > select a boot device - and (that's the problem) it allows you > to boot from that device WITHOUT entering the BIOS password. > This is even true when you disable booting from CD/DVD within > the BIOS. > So pressing F8 lets you always boot from any device without password. > And this makes it impossilble for me to put them into an open classroom, > where any student can reach control over the maschine with a stupid > KNOPPIX-CD. > > Did I overlooked something in the BIOS ? > I can't believe that SUN delivers a maschine with such a security hole. > > Hardware: SUN Ultra20 > BIOS-Version: 2.1.7 (seems to be the latest one) Sorry, not a lot of responses: Somebody (from SUN) mentioned to disable CD-booting within the BIOS. But this does not help: my BIOS says boot from network only. But when pressing the F8 key you can pick any boot device :-( Somebody mentioned not to worry about it and to "educate" those students. Well I wish I had his students. Since those are students in computer science the know how to hack and to hide it from me. If there is a hole, they will find it. And there was a "me too": the W1100z seems to have the same bug, sorry feature. Hello SUN - wake up! The good old OBP-OK-Prompt on SPARC asks for a password when I type "boot cdrom" at the OK prompt. Thanks, Olaf -- ============================================================================== __0 _-\<,_ Dipl.-Geophys. Olaf Hopp (_)/ (_) ATIS - Abteilung Technische Infrastruktur University of Karlsruhe EMail: Olaf.Hopp@atis.uka.de Faculty of Computer Science WWW : http://www.atis.uka.de Building 50.34 Room-No. 009 Am Fasanengarten 5 Fon : +49 (721) 608-3973 D-76131 Karlsruhe / Germany Fax : +49 (721) 608-6699 ============================================================================== [demime 1.01b removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Fri Mar 3 07:27:36 2006
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:56 EST