[ previous ] [ next ] [ threads ]
 
 From:  Travis Dixon <travisd at tubas dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Wishlist
 Date:  Tue, 23 Nov 2004 08:57:04 -0500 (EST)
On Tue, 23 Nov 2004, Jean Everson Martina wrote:

>
>
> A dot L dot M dot Buxey at lboro dot ac dot uk wrote:
> >>>Password protection may not be a bad thing... but part of the point of
> >>>the console is to recover from a lost password.
> >>
> >>What if you lost your password to console ;)
> >
> >
> > well, if you've got physical access to the system it isnt a problem. just whip the disk
> > out, stick it into a FreeBSD box (or a Linux box with UFS fs/BSD partition support enabled
> > in kernel) mount the disk and clear/change the password.
>
> This topic was discussed already in the list. I myself started to list
> the things needed by m0m0 to be ICSA certifiable. This is one issue.
>

The way that many devices/OS's/etc deal with the lost console password is to give
you an opportunity to "break in" sometime during the boot process. It's assumed that
the act of powercycling the box would be indication that something has been tampered
with, and that if you have physical access to the box there's a way to break in anyway
so why make it too painful.