Subject: Re: which init? (Was Re: HEADS UP: fully dynamic linked system now the default)
To: Manuel Bouyer <bouyer@antioche.eu.org>
From: William Waites <ww@styx.org>
List: current-users
Date: 09/30/2002 17:34:48
>>> "Manuel" == Manuel Bouyer <bouyer@antioche.eu.org> writes:

    Manuel> Did you try it? I'm not sure /bin/sh will work on NetBSD
    Manuel> as proc 1. Especially I'm not sure file descriptors 0,1,2
    Manuel> would be properly open.

I just tried it (just copying /bin/sh to /sbin/init since I don't have
a -current machine to try the new boot flags with) and the kernel
panics with "init died". Clearly, you are correct: it does not work.

>>> "Bill" == Bill Studenmund <wrstuden@netbsd.org> writes:

    Bill> If you want to lock the machine down hard, you need to fire
    Bill> up password locking in the BIOS, and have a boot loader that
    Bill> doesn't let you give a command line w/o a
    Bill> password. Otherwise until the kernel is loading init, you
    Bill> are vulnerable. i.e. someone can boot the machine off of a
    Bill> floppy or some other medium, and you're wide open.

Agreed, although it is not always practical to have a BIOS
password. The situation I had in mind was a physically hardened machine
(no floppies or cds, difficult to open case), living in an insecure
public place, remotely managed. The issue is that it is not possible
(easily, at least) to remotely change BIOS passwords. It'd be nice to
avoid truckrolls for regular maintenance.

The situation would be better if the bootloader checked a
password. There seems to be an ifdef'd out call to a function named
checkpasswd() in arch/i386/stand/biosboot/main.c, but as far as I can
tell, this function is unimplemented.

Cheers,
-w
-- 
William Waites <ww@styx.org>
Idiosyntactix Research Laboratories
http://www.irl.styx.org