Subject: Re: Another changer, another changer problem
To: NetBSD-current Discussion List <current-users@netbsd.org>
From: Greg A. Woods <woods@most.weird.com>
List: current-users
Date: 10/08/1998 15:53:06
[ On Thu, October 8, 1998 at 12:23:55 (-0700), Curt Sampson wrote: ]
> Subject: Re: Another changer, another changer problem
>
> In multiuser mode, if I have a machine running at securelevel 2,
> files with the immutable flag cannot be modified. The system won't
> allow modification directly (even by root), nor will it allow any
> writes to the disk devices (even by root) to do it without going
> through the filesystem. Therefore someone who breaks into my machine
> cannot modify binaries and configuration files that I deem essential.
> They also cannot cover their tracks when logged in logfiles that
> I flag append-only.

You make me laugh!

Didn't I say something about a "hard" line somewhere?  A real RS-232
physical tty?  I'm sure I mentioned using a console server of some sort
(which in your example would have to be on a secured admin-only LAN).

Clearly trying to point /dev/console at a PTY would be pointless
regardless of how intelligent your PROM is.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>