Subject: Re: Another changer, another changer problem
To: NetBSD-current Discussion List <current-users@netbsd.org>
From: Greg A. Woods <woods@most.weird.com>
List: current-users
Date: 10/08/1998 15:53:06
[ On Thu, October 8, 1998 at 12:23:55 (-0700), Curt Sampson wrote: ]
> Subject: Re: Another changer, another changer problem
>
> In multiuser mode, if I have a machine running at securelevel 2,
> files with the immutable flag cannot be modified. The system won't
> allow modification directly (even by root), nor will it allow any
> writes to the disk devices (even by root) to do it without going
> through the filesystem. Therefore someone who breaks into my machine
> cannot modify binaries and configuration files that I deem essential.
> They also cannot cover their tracks when logged in logfiles that
> I flag append-only.
You make me laugh!
Didn't I say something about a "hard" line somewhere? A real RS-232
physical tty? I'm sure I mentioned using a console server of some sorts
(which in your example would have to be on a secured admin-only LAN).
Clearly trying to point /dev/console at a PTY would be pointless
regardless of how intelligent your PROM is.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>