Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53)

[darren.moffat () UK Sun COM (Darren J Moffat - SunService ETZ-N OS Product Support Group)]

Just to make sure there is no confusion:

full-mode: in the OBP means the password is required for all OBP actions
including booting the system

command-mode: is for any OBP action that passes new parameters to the boot
command or attempts to do anything other than go (or continue in old-mode).


If you want to actually stop the break being sent at all then under
Solaris 2.6 you can do this by running: `kbd -a disable`

If you want to permanently change the software default effect of the
keyboard abort sequence, you can add or change the current value of the
KEYBOARD_ABORT  variable to the value disable in the keyboard default
file, /etc/default/kbd, as shown here.

          KEYBOARD_ABORT=disable

Some server systems have key switches with  a  'secure'  key position
that  can  be  read  by system software.  This key position overrides
the normal default of the keyboard  abort sequence  effect,  and
changes the default so the effect is 'disabled'.  On these systems,
when the key switch is in the secure  position,  the keyboard abort
sequence effect cannot be overridden by the software default which is
settable with this command.


I would recommend that ALL hosts have at least command-mode set if there
is the possibility that an untrust worth user has physical access.
In the case of servers with a key - take the key out and put it in the
safe as well!

Prior to Solaris 2.6 there is a consulting special option available
from Sun Profesional Services.

--
Darren J Moffat