Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!pt.cs.cmu.edu!f.word.cs.cmu.edu!eht
From: eht@f.word.cs.cmu.edu (Eric Thayer)
Newsgroups: comp.sys.next
Subject: Re: Student's view of NeXT marketing pl
Message-ID: <5873@pt.cs.cmu.edu>
Date: 16 Aug 89 14:48:58 GMT
References: <4866@tank.uchicago.edu> <116900006@p.cs.uiuc.edu>  <416@wet.UUCP>  <420@wet.UUCP>
Organization: Carnegie-Mellon University, CS/RI
Lines: 37

In article <420@wet.UUCP> epsilon@wet.UUCP (Eric P. Scott) writes:
>In article  J Greely  writes:
>>In article <416@wet.UUCP> epsilon@wet.UUCP (Eric P. Scott) writes:
>>                                         The ROM changes in 1.0 allow
>>the administrator of a machine to prevent unauthorized individuals
>>from doing interesting things like changing the boot device (which is
>>actually one of the least interesting things you can do from the
>>monitor).  They do not disable booting from OD, they allow you to
>>control it.
>
>Giving our users root access is just not a substantial risk.  If
>anyone can "lock" an otherwise accessible cube so that no one
>else can use it ... that is a SERIOUS threat.  It's near-
>impossible to trace, and could be difficult to correct.

It's not clear to me who the users of your NeXT's will be but,
perhaps you could give the machines a password and let the people in the
class know what it is.  Then, give a stiff penalty for getting caught leaking
the password or changing the password on a system.  The password protection
scheme is not too obtrusive (but I don't know peoples' thresholds of
obtrusiveness either :-) ).

It could be a short but obscure password because to brute force the
password, someone would have to rig up an automated way of getting input data
to the console (although /dev/ttya can be configured as an alternate console,
it is possible to require a password to do that).

I can see however, that it would be tempting for a student who had not
completed an assignment before an impending deadline to waste all (or such
a percentage that it locked out a significant fraction of the class) the
machines in the lab.



-- 
Eric H. Thayer      School of Computer Science, Carnegie Mellon
(412) 268-7679      5000 Forbes Ave, Pittsburgh, PA 15213