SUMMARY: Sun ULTRA 20 and BIOS password security hole

Olaf Hopp Olaf.Hopp at atis.uka.de
Fri Mar 3 07:26:55 EST 2006


Olaf Hopp wrote:
> Dear Collegues,
> 
> is anybody running the new Opteron Workstations Ultra20 in an open
> classroom ? You can lock down the access to the BIOS via a BIOS password.
> But when the system boots it still allows you to press <F8>-Key and 
> select a boot device - and (that's the problem) it allows you
> to boot from that device WITHOUT entering the BIOS password.
> This is even true when you disable booting from CD/DVD within 
> the BIOS.
> So pressing F8 lets you always boot from any device without password.
> And this makes it impossilble for me to put them into an open classroom,
> where any student can reach control over the maschine with a stupid
> KNOPPIX-CD.
> 
> Did I overlooked something in the BIOS ?
> I can't believe that SUN delivers a maschine with such a security hole.
> 
> Hardware:      SUN Ultra20
> BIOS-Version:  2.1.7           (seems to be the latest one)

Sorry, not a lot of responses:

Somebody (from SUN) mentioned to disable CD-booting within the
BIOS. But this does not help: my BIOS says boot from network only.
But when pressing the F8 key you can pick any boot device :-(

Somebody mentioned not to worry about it and to "educate" those
students. Well I wish I had his students. Since those are
students in computer science the know how to hack and to hide it
from me. If there is a hole, they will find it.

And there was a "me too":
the W1100z seems to have the same bug, sorry feature.


Hello SUN - wake up! The good old OBP-OK-Prompt on SPARC asks
for a password when I type "boot cdrom" at the OK prompt.

Thanks,
Olaf



-- 

==============================================================================
      __0
    _-\<,_     Dipl.-Geophys. Olaf Hopp
   (_)/ (_)    ATIS - Abteilung Technische Infrastruktur

University of Karlsruhe          EMail: Olaf.Hopp at atis.uka.de
Faculty of Computer Science      WWW  : http://www.atis.uka.de
Building 50.34 Room-No. 009
Am Fasanengarten 5               Fon  : +49 (721) 608-3973
D-76131 Karlsruhe / Germany      Fax  : +49 (721) 608-6699

==============================================================================

[demime 1.01b removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]



More information about the sunmanagers mailing list