Subject: Re: [ADVISORY] 4.4BSD Securelevels (fwd)
To: Andrew Brown <>
From: Jason Thorpe <>
List: current-users
Date: 06/25/1997 21:15:38
On Thu, 26 Jun 1997 00:11:56 -0400 (EDT) (Andrew Brown) wrote:

 > should we also consider that if you can get console access to a
 > machine that has ddb in the kernel, it's trivial to set the
 > securelevel to something arbitrary?

I think that's a fairly well-known thing :-)  If you can get access to
the console, the system isn't all that secure, anyhow.  Heck, removing
the power cord is an effective DOS attack :-)

If you are in a situation where you have to grant console access, common
sense would tell you to not allow access to the kernel debugger... I
really doubt it warrants an advisory :-)

Jason R. Thorpe                             
NASA Ames Research Center                               Home: 408.866.1912
NAS: M/S 258-6                                          Work: 415.604.0935
Moffett Field, CA 94035                                Pager: 415.428.6939