Discussion:
Enabling all available ttys if available console
Glen Barber
2015-10-19 17:12:15 UTC
Hi,

For several months now, I have been contemplating enabling all active
ttys on the system by 1) changing the defaults from std.9600 to 3wire,
and 2) setting ttyu{0,1,2,3} from 'off' to 'onifconsole'.

The only drawback to doing this that I can think of is it could open
a potential attack vector, however this would require physical access to
the system.

The benefit to doing this is the system would be accessible via ttys
other than ttyu0 by default, which unless there is someone with local
access to the system, is painful for administrators to gain console
access remotely by default.

Are there objections to changing the default, or have I missed something
larger in this proposed change?

Thanks in advance.

Glen
Glen Barber
2015-10-19 17:16:41 UTC
Post by Glen Barber
Hi,
For several months now, I have been contemplating enabling all active
ttys on the system by 1) changing the defaults from std.9600 to 3wire,
and 2) setting ttyu{0,1,2,3} from 'off' to 'onifconsole'.
The only drawback to doing this that I can think of is it could open
a potential attack vector, however this would require physical access to
the system.
The benefit to doing this is the system would be accessible via ttys
other than ttyu0 by default, which unless there is someone with local
access to the system, is painful for administrators to gain console
access remotely by default.
Are there objections to changing the default, or have I missed something
larger in this proposed change?

I should have also added that the change I propose is the default for
all architectures except amd64, i386, pc98, and mips. This would
effectively enable the same behavior across all architectures.

Glen
Baptiste Daroussin
2015-10-19 17:43:14 UTC
Post by Glen Barber
Hi,
For several months now, I have been contemplating enabling all active
ttys on the system by 1) changing the defaults from std.9600 to 3wire,
and 2) setting ttyu{0,1,2,3} from 'off' to 'onifconsole'.
The only drawback to doing this that I can think of is it could open
a potential attack vector, however this would require physical access to
the system.
The benefit to doing this is the system would be accessible via ttys
other than ttyu0 by default, which unless there is someone with local
access to the system, is painful for administrators to gain console
access remotely by default.
Are there objections to changing the default, or have I missed something
larger in this proposed change?
Thanks in advance.
Glen

That would save a lot of pain in production servers, where different
manufacturers mean different ports available etc.

Big +1 for me.

best regards,
Bapt
John-Mark Gurney
2015-10-19 18:51:11 UTC
Post by Glen Barber
For several months now, I have been contemplating enabling all active
ttys on the system by 1) changing the defaults from std.9600 to 3wire,
and 2) setting ttyu{0,1,2,3} from 'off' to 'onifconsole'.
The only drawback to doing this that I can think of is it could open
a potential attack vector, however this would require physical access to
the system.
The benefit to doing this is the system would be accessible via ttys
other than ttyu0 by default, which unless there is someone with local
access to the system, is painful for administrators to gain console
access remotely by default.
Are there objections to changing the default, or have I missed something
larger in this proposed change?
Thanks in advance.

Please do this.
--
John-Mark Gurney Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."
Devin
2015-10-19 20:51:11 UTC
Post by John-Mark Gurney
Post by Glen Barber
For several months now, I have been contemplating enabling all active
ttys on the system
Please do this.

+1
Mark Felder
2015-10-19 20:09:58 UTC
Post by Glen Barber
Hi,
For several months now, I have been contemplating enabling all active
ttys on the system by 1) changing the defaults from std.9600 to 3wire,
and 2) setting ttyu{0,1,2,3} from 'off' to 'onifconsole'.
The only drawback to doing this that I can think of is it could open
a potential attack vector, however this would require physical access to
the system.
The benefit to doing this is the system would be accessible via ttys
other than ttyu0 by default, which unless there is someone with local
access to the system, is painful for administrators to gain console
access remotely by default.
Are there objections to changing the default, or have I missed something
larger in this proposed change?
Thanks in advance.
Glen

I hate later finding that serial console isn't working... I also would
appreciate it.
--
Mark Felder
ports-secteam member
***@FreeBSD.org
Glen Barber
2015-10-19 21:00:35 UTC
Post by Glen Barber
For several months now, I have been contemplating enabling all active
ttys on the system by 1) changing the defaults from std.9600 to 3wire,
and 2) setting ttyu{0,1,2,3} from 'off' to 'onifconsole'.
The only drawback to doing this that I can think of is it could open
a potential attack vector, however this would require physical access to
the system.
The benefit to doing this is the system would be accessible via ttys
other than ttyu0 by default, which unless there is someone with local
access to the system, is painful for administrators to gain console
access remotely by default.
Are there objections to changing the default, or have I missed something
larger in this proposed change?

Based on the replies so far, unless there are no objections by tomorrow,
I'll commit the change.

Thanks to everyone who replied.

Glen
Warner Losh
2015-10-19 23:09:45 UTC
Post by Glen Barber
Post by Glen Barber
For several months now, I have been contemplating enabling all active
ttys on the system by 1) changing the defaults from std.9600 to 3wire,
and 2) setting ttyu{0,1,2,3} from 'off' to 'onifconsole'.
The only drawback to doing this that I can think of is it could open
a potential attack vector, however this would require physical access to
the system.
The benefit to doing this is the system would be accessible via ttys
other than ttyu0 by default, which unless there is someone with local
access to the system, is painful for administrators to gain console
access remotely by default.
Are there objections to changing the default, or have I missed something
larger in this proposed change?
Based on the replies so far, unless there are no objections by tomorrow,
I'll commit the change.
Thanks to everyone who replied.

Any chance we can move the tip entries from 9600 to 115200 too for the
other direction?

Warner
Glen Barber
2015-10-20 00:06:42 UTC
Post by Warner Losh
Post by Glen Barber
Post by Glen Barber
For several months now, I have been contemplating enabling all active
ttys on the system by 1) changing the defaults from std.9600 to 3wire,
and 2) setting ttyu{0,1,2,3} from 'off' to 'onifconsole'.
The only drawback to doing this that I can think of is it could open
a potential attack vector, however this would require physical access to
the system.
The benefit to doing this is the system would be accessible via ttys
other than ttyu0 by default, which unless there is someone with local
access to the system, is painful for administrators to gain console
access remotely by default.
Are there objections to changing the default, or have I missed something
larger in this proposed change?
Based on the replies so far, unless there are no objections by tomorrow,
I'll commit the change.
Thanks to everyone who replied.
Any chance we can move the tip entries from 9600 to 115200 too for the
other direction?

I don't see why not.

Glen
Ed Schouten
2015-10-28 06:42:17 UTC
Hi Glen,

Sorry for the late reply.

Post by Glen Barber
Are there objections to changing the default, or have I missed something
larger in this proposed change?

Quick question: how are you going to deal with TTYs that are hooked up
to null modem cables? As in, if you would hook up two systems to each
other that have such a configuration, you'll likely see that the
gettys start spamming each other.
--
Ed Schouten <***@nuxi.nl>
Nuxi, 's-Hertogenbosch, the Netherlands
KvK-nr.: 62051717
Ed Schouten
2015-10-28 06:43:08 UTC
Post by Ed Schouten
Quick question: how are you going to deal with TTYs that are hooked up
to null modem cables? As in, if you would hook up two systems to each
other that have such a configuration, you'll likely see that the
gettys start spamming each other.

Oh, wait. You're using 'onifconsole', so the getty will only actually
work if you add it to the console list. Sounds good. :-)
--
Ed Schouten <***@nuxi.nl>
Nuxi, 's-Hertogenbosch, the Netherlands
KvK-nr.: 62051717
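
An added example, not part of the thread: a POSIX sh/awk audit of a ttys(5)-format file that lists each serial line (ttyuN), whether its status lets it spawn a getty, and whether the `secure` flag permits root login there, which is the exposure the physical-access concern is about. The sample file is constructed, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a ttys(5)-format file for serial lines that can offer a login.

audit_ttys() {  # $1 = path to a ttys(5)-format file; prints "name status root=yes|no"
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comment and blank lines
    $1 ~ /^ttyu[0-9]+$/ {
        line = $0
        sub(/#.*$/, "", line)              # drop a trailing comment
        sub(/"[^"]*"/, "CMD", line)        # collapse the quoted getty command to one field
        n = split(line, f, /[ \t]+/)
        status = "off"; root = "no"        # fields 4..n are the status and flags
        for (i = 4; i <= n; i++) {
            if (f[i] == "on" || f[i] == "onifconsole" || f[i] == "onifexists") status = f[i]
            if (f[i] == "secure") root = "yes"
        }
        print f[1], status, "root=" root
    }' "$1"
}

root_capable_serial() {  # serial lines that may run getty AND accept root logins
    audit_ttys "$1" | awk '$2 != "off" && $3 == "root=yes" { print $1 }'
}

write_sample() {  # constructed sample, not copied from any FreeBSD release
    cat > "$1" <<'EOF'
# name  getty                          type    status / flags
ttyv0   "/usr/libexec/getty Pc"        xterm   on secure
ttyu0   "/usr/libexec/getty 3wire"     vt100   onifconsole secure
ttyu1   "/usr/libexec/getty 3wire"     vt100   onifconsole insecure
ttyu2   "/usr/libexec/getty std.9600"  dialup  off secure
ttyu3   "/usr/libexec/getty 3wire"     vt100   on secure   # always-on line
EOF
}

SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
write_sample "$SAMPLE"
audit_ttys "$SAMPLE"
echo "root-capable serial lines: $(root_capable_serial "$SAMPLE" | tr '\n' ' ')"
```

On a host, point `audit_ttys` at `/etc/ttys`; the audit is static, so an `onifconsole` line it reports only gets a getty when that tty is an active kernel console.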