How To Prevent Booting Off A CD

ok, i've tried a few things, and here's what i've got:

you do not need to setenv security-mode full
it is sufficient to setenv security-mode command. this means that you need a password to do anything other than boot the default startup disk. this is exactly what was requested. you do not need to turn off auto-boot. let the machine auto-boot, and if you lock the startup disk control panel in OS X, there is no way to boot from anything but the one you specify. i think his security is actually pretty tight.

holding C at startup does nothing. nor does holding T for target mode. if you hold down option, it will show you a big padlock, and prompt you for the firmware password. if you enter the password, then you get a choice of startup disks.

note that since there is no inherent security in OS 9, any user can sit down and set the startup disk to his CD if OS 9 is loaded. in OS X however you can lock your control panels. The point is that the startup disk control panel changes the boot device without requiring you to give the firmware password. if you are in OS X, it only requires the admin password. in OS 9 it requires no password. the firmware password only protects you from changing boot at power-on.

note that there is no firmware command line that the user can see with this setup, avoiding a situation that some think is horrible.
 
also, note that since i have set it to auto-boot true, zapping the PRAM will have no effect. also note that, as i said before, as far as i know, if you forget the OF password, you are SOL. you may have no choice but to throw the computer in the river. like i said, i have seen nvram chips for sparc machines for sale that you can just replace, but i have heard of no such option for apple, and their TIL website says that you are responsible for any damage you cause to your computer by playing with the firmware. but who knows? maybe they will fix it for you.....
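As an added example (not from the thread), a small audit that checks the two Open Firmware variables the post above relies on, security-mode and auto-boot?, from the name/tab/value text that `nvram -p` prints on a Mac; a constructed sample is embedded so it runs anywhere.

```shell
# Added example, not from the thread: audit the Open Firmware variables the
# post above sets. On a real Mac you would pass it the text of `nvram -p`
# (name, tab, value per line); here a constructed sample is embedded so the
# script runs anywhere. Only the variable names the post mentions are assumed.
SAMPLE_NVRAM=$(printf 'security-mode\tcommand\nauto-boot?\ttrue\n')

# of_audit NVRAM_TEXT: print one line per finding, return 0 when the
# configuration matches the post (password at the OF prompt, auto-boot on),
# 1 when either setting is weaker than that.
of_audit() {
    mode=$(printf '%s\n' "$1" | awk -F '\t' '$1 == "security-mode" { print $2 }')
    autoboot=$(printf '%s\n' "$1" | awk -F '\t' '$1 == "auto-boot?" { print $2 }')
    rc=0
    case "$mode" in
        command|full)
            echo "security-mode=$mode: password needed for anything but the default boot" ;;
        *)
            echo "security-mode=${mode:-none}: anyone at the keyboard can pick a boot device"
            rc=1 ;;
    esac
    if [ "$autoboot" = "true" ]; then
        echo "auto-boot?=true: machine boots the startup disk without stopping at OF"
    else
        echo "auto-boot?=${autoboot:-unset}: machine can stop at the OF prompt"
        rc=1
    fi
    return "$rc"
}

of_audit "$SAMPLE_NVRAM"
```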
 
And the classic control panel doesn't function in blue box, I tried. (Whew) So this sounds pretty tight. I'll file this information away and hope I never need to use it. I can not condone Apple officially supporting security that can not be undone in the first person in a consumer OS. This is what I'd refer to as military grade security, where loss of hardware and information is preferred to information getting out in the open.

In reality, I think good solutions involve logging onto a network (netinfo or NIS) and keeping your prized servers under lock and key. Seldom in the commercial space is loss of information preferred over it risking exposure. Better security involves netbooting. But, as always, options are a plus. Thanks for the research, lethe.

P.S. This still doesn't solve data privacy on the HD, it just defeats the machine booting as a deviant. I can steal the HD and read it in another computer. I'm glad this OF option is provided, kinda, but I really have trouble justifying its use.
 
I am aware of only two ways to remove, or circumvent, the Open Firmware password protection:

1. Physically altering the amount of RAM in the system (by removing or adding a DIMM) and subsequently zapping the PRAM three times will reset the firmware to default, including any password protection.

2. FWSucker, a small program that has the ability to display the current password to anyone with login access to a system.
 
well, as far as changing the memory goes, i guess i won't worry about that, because as theed suggests, if the person can get into the case, then they can just take out the drive, read/write whatever they want to it, and put it back in. removing a DIMM and zapping the PRAM would have the same effect. the cases all have that security ring, which lets you lock the case, to prevent anyone from doing either thing.

but FWSucker? if that will give you the password, then we lose. i don't know how to stop someone from doing that.
 
That site, unsanity, is showing that hackers are starting to get interested in OSX. I knew for instance that you can reset the OF by removing a RAM module and zapping the PRAM three times, but that there are already hacks out to show the password is frightening. And sadly, there doesn't seem to be a manageable solution until Apple comes out with an OF update to close this hole.

Apart from removing the CD drive, what would also be possible?

I think that probably setting the environment in OF would be enough for most users. But what would be nice would be to be able to prevent users being able to download and run applications on the computer in OSX.
 
I think a rich guy would just remove the CD drive and purchase a bunch of external (USB, FireWire, SCSI adapted) CD-ROMs that are not supported to boot from.

In a perfect world.....

Or an internal unsupported
 
non-bootable CD-ROMs are a good idea, but if someone brings in an apple laptop, they can boot the computer in target mode, which is as good as booting off a CD. of course, they could bring in a bootable CD-ROM drive, but only if they can open the case, which is probably our first line of defense, to lock the case.
 
Jeez :p
If someone is determined enough he might as well remove the HD from your mac and put it in his...lol if one is determined enough he can achieve anything :p
 
This is where I think most people mess up the conceptual model of security. Computer security has two levels:

1 - protecting the system from normal mistakes, rogue applications, bad configurations, etc. Programming in Mac OS 9 was dangerous, you could make a silly pointer error and suddenly your OS is writing 0's to the HD. In this model, a pretty standard classroom model, Mac OS X is already the solution. Mapping user space onto a network drive completes this model.

2 - protecting from intentionally malicious hackers. In this model, the rules are very different. This kind of security is what you implement at your internet connection. In order to implement this type of security at the desktop, you need such a ridiculous amount of crap that it's not worth doing. Encrypting the HD, physically removing ports or locking the machine in a cabinet, gluing the keyboard to the table, and having cameras, security alarm tripwires, and active duty personnel making rounds and monitoring cameras.

We are good at level 1. I don't think we're close to level 2, and I don't see a reason to go there. If you netboot the machine with no HD, and keep your server under level 2 security, then all you have to worry about is physical theft; your data is safe.
 
Originally posted by theolein
That site, unsanity, is showing that hackers are starting to get interested in OSX. I knew for instance that you can reset the OF by removing a RAM module and zapping the PRAM three times, but that there are already hacks out to show the password is frightening. And sadly, there doesn't seem to be a manageable solution until Apple comes out with an OF update to close this hole.

This is not necessarily an OSX issue, but rather a problem with the Open Firmware itself, and in particular the way it stores the password. FWSucker is a classic Mac OS 9.x application as opposed to a native OSX Cocoa application; this rules out the possible misuse of such a program on Mac OS X-only systems with no access to the classic environment (until a similar OSX native application becomes available of course). I have no doubt that Apple will resolve this issue in due course.

You also mention an increase in the use of OSX by so-called 'hackers'; I consider this a good thing. The more people there are to locate and exploit such problems, the more secure the system and its operating environment will become.
 
let me address your points about security, theed.

i have been in a lab where all the terminals were solaris xterms. in this case it is true that security on the box is pretty pointless. sun boxes give you many options like that. the most extreme case is the xterm, which doesn't have a hard drive, or CPU or cdrom drive; it is little more than a networked keyboard and monitor. gaining access to the box gains you nothing. there are other options like the diskless client, and other machines that boot off the net.

with the mac however, these are not options. you have to have a local OS, a local CPU and local disk drives. this is a security problem. it is not specific to macs. you could have the same problem with sun boxes, if they were all standalone networked boxes. let me give you some examples of why this is unacceptable.

if someone comes in and can boot your machine off their own media, then they can get root access. they can then install any hidden backdoor they want. it can be a server for illegal file sharing, or hidden access so they can launch probes or attacks on your LAN. they can do any number of things that are almost impossible to find. it might take weeks to discover these things, if ever.

it is true that once they have physical access to your hardware it is difficult to stop them from taking over your machine, that the only safe way is to keep the machine locked away. but it is not impossible. like we discussed, if you keep the case to the computer locked, they cannot remove your HD, and can't gain access that way. this is why password protecting your firmware is very valuable. sun's open firmware allows exactly the same kind of password protection that apple's does, i assume for these exact reasons. under OS 9, it probably wasn't much of a problem, since there aren't many with the know-how to do that kind of thing. but on a UNIX platform, any CS student can boot your computer in single user mode, and put in secret UNIX backdoors.

i think this password protection is a good thing. many PCs have it, Sun has it, and now apple has it. if they can fix it so that FWSucker won't work, it will be good. i agree that it would suck to have to send your computer to apple because you forgot the password, or to have to throw it into the river because apple doesn't restore machines with screwy firmware. military grade security, as you call it, is a huge pain in the ass. so that's why you shouldn't use it unless you need it. but these days, places where you need military grade security are all too common. if i were running a college computer lab with OS X machines, i would use this feature.

it would be cool if apple started creating diskless clients, or xterms (should i call them aqua terms? can aqua be run remotely?), but right now apple is not in the business of making servers that can dish out that kind of performance. who knows whether OS X will give them some of the market share in that area.
 
network boot using the local disk only for VM is precisely this kind of coolness.

And as for this stuff being used on a college campus, the question is whether you wish to minimize the damage of the miscreants, or maximize the benefit of the legitimates. I'm tired of being shat upon for the sake of security against cretins. Clifford Stoll, The Cuckoo's Egg: Education can only take place in the open. Security keeps things from going wrong as much as it doesn't allow good people to do good things.

It is an implementation that has some theoretical merit, but I feel that it sucks on many levels, and is not what you might regard as necessary. I will continue to construct my network around the concept that this kind of security is more bad than good.
 
The whole concept of VM is the splitting of Memory onto different things, typically RAM and a Hard Drive. Simpler implementations don't split, they simply use RAM as Memory. The old mac did this for the most part, and we all got lazy and started using the terms RAM and Memory interchangeably.

Now, Memory is the immediate working space, logically speaking, for applications, but where it is exactly is harder to say at any given moment.

Add to this the caching phenomenon, where Mac OS X leaves things in memory even after you said you were done with them, just in case you want them back - You start to get the feeling that X is wasting RAM on things that you're not using and putting things you want to use into storage! It's simply not true, but in order to explain exactly what's happening any better, I'd need a couple of hours and a chalkboard.

Great Scott! I can't believe I just put this explanation in this thread. Sorry for drifting off topic.
 