Subject: Re: [ADVISORY] 4.4BSD Securelevels (fwd)
To: Andrew Brown <codewarrior@daemon.org>
From: Angelos D. Keromytis <angelos@dsl.cis.upenn.edu>
List: current-users
Date: 06/26/1997 00:19:51
In message <199706260411.AAA00591@untraceable.net>, Andrew Brown writes:
>
>should we also consider that if you can get console access to a
>machine that has ddb in the kernel, it's trivial to set the
>securelevel to something arbitrary?

Well, you don't need physical access to exploit this bug, AFAICT.

And if you can get physical access to a machine, you can pretty much
do as you please with it, ddb or not.
Cheers,
-Angelos