Date: Tue, 14 Jul 1998 09:50:12 +0100
From: Darren J Moffat - SunService ETZ-N OS Product Support Group <[email protected]>
To: [email protected]Subject: Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53)
Just to make sure there is no confusion:
full-mode: in the OBP means the password is required for all OBP actions
including booting the system
command-mode: is for any OBP action that passes new parameters to the boot
command or attempts to do anything other than go (or continue in old-mode).
If you want to actually stop the break being sent at all then under
Solaris 2.6 you can do this by running: `kbd -a disable`
If you want to permanently change the software default effect of the
keyboard abort sequence, you can add or change the current value of the
KEYBOARD_ABORT variable to the value disable in the keyboard default
file, /etc/default/kbd, as shown here.
KEYBOARD_ABORT=disable
Some server systems have key switches with a 'secure' key position
that can be read by system software. This key position overrides
the normal default of the keyboard abort sequence effect, and
changes the default so the effect is 'disabled'. On these systems,
when the key switch is in the secure position, the keyboard abort
sequence effect cannot be overridden by the software default which is
settable with this command.
I would recommend that ALL hosts have at least command-mode set if there
is the possibility that an untrust worth user has physical access.
In the case of servers with a key - take the key out and put it in the
safe as well!
Prior to Solaris 2.6 there is a consulting special option available
from Sun Profesional Services.
--
Darren J Moffat