> > should we also consider that if you can get console access to a
> > machine that has ddb in the kernel, it's trivial to set the
> > securelevel to something arbitrary?
>
>I think that's a fairly well-known thing :-)  If you can get access to
>the console, the system isn't all that secure, anyhow.  Heck, removing
>the power cord is an effective DOS attack :-)

let's not be too kind, after all, *running* dos is an effective dos
attack.  :P

>If you are in a situation where you have to grant console access, common
>sense would tell you to not allow access to the kernel debugger... I
>really doubt it warrants an advisory :-)

i was just musing over the security of the securelevel when i came up
with this one.  in case you really care, tiny patches to four ddb
files (unfortunately i have only 1.2 at home) will render the
securelevel variable readonly.  somewhat.  okay, so it was a five
minute hack job, but at least it now says "(readonly)" when i attempt
to do "write securelevel 0".

-- 
|-----< "CODE WARRIOR" >-----|
andrew@echonyc.com (TheMan)        * "ah!  i see you have the internet
codewarrior@daemon.org                               that goes *ping*!"
warfare@graffiti.com      * "information is power -- share the wealth."