Subject: Re: Is it possible to disable the boot prompt?
To: Steven M. Bellovin <smb@research.att.com>
From: Martin Weber <Ephaeton@gmx.net>
List: netbsd-users
Date: 08/03/2001 19:30:47

On Friday 03 August 2001 19:08 you wrote:
> In message <20010803170051979391.437@alongtheway.com>, Jim Breton writes:
> >On Fri, Aug 03, 2001 at 04:15:21AM -0500, Dave Huang wrote:
> >> Set a root password and mark the console as insecure. You'll need to
> >> enter the password to get to a single-user mode shell.
> >
> >Thanks, that does help.  However one could still put a floppy in the
> >drive, and at the boot prompt, type "fd0a:/bsd" or whatever to boot from
> >that disk.  Any way around this?
>
> Change the boot order in the BIOS, and set a BIOS password.  NetBSD
> can't fix that; the attack happens before you get to NetBSD.
>
> 		--Steve Bellovin, http://www.research.att.com/~smb

Even if the boot order is changed, somebody still can type boot fd0a:netbsd
if he wants to... I mean I have a changed boot order here at home, and no one
is gonna intrude here anyways, nor will they be able to boot via floppy by
BIOS, but via the NetBSD bootloader (even with insecure console) they will -
hit space, type boot fd0a:netbsd, there you go. I can understand the demand
for an option turning the boot menu off, and simply booting right ahead. On
the other hand, if it's fully turned off you have a "little" problem to get
back if something's broken (AND you have forgotten your BIOS passwd to change
boot order so your floppy boots first). Hmm, after all, why not add it?

Martin Weber