Subject: Re: [ADVISORY] 4.4BSD Securelevels (fwd)
To: None <current-users@NetBSD.ORG>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: current-users
Date: 06/26/1997 06:55:30
>> [...] it seems to me that a machine that to which you have console
>> access that also has ddb is not much more secure than a dos
>> machine...

Probably true.  Even if securelevel can't be patched directly, there
are lots of other interesting things you can do, like patching the
p_cred->cr_uid field for your shell, or diking out certain suser()
calls in the kernel text segment.

> But what i was saying was that if you have physical access to a
> machine (which is different from mere console access), you can do as
> you please with it.  At the very worst, plug a floppy in and boot
> from there (DOS, and then use a sector editor...)

Heh.  _Real_ machines have PROM passwords so that you-the-sysadmin can
prevent booting from alternative media by people ignorant of the
password.  (Remember, not everything runs DOS, either - this _is_
current-users, not port-i386.)  (Though as you say, given physical
access and the time and knowledge to use it to good advantage, you can
work around such things.  "One more hurdle"....)

					der Mouse

		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B