Subject: Re: Ctrl+Alt+Esc = db>
To: None <current-users@netbsd.org>
From: Harry Waddell <waddell@caravan.com>
List: current-users
Date: 01/26/2003 18:01:21
On Mon, 27 Jan 2003 01:06:40 +0100
Christian Biere <christianbiere@gmx.de> wrote:

> Roland Dowdeswell <elric@imrryr.org> wrote:
> 
> > It should be secure, if you turn the debugger off either via sysctl:
> > 
> > 	# sysctl -w ddb.onpanic=0
> > 	# sysctl -w ddb.fromconsole=0
> > 
> > or compile a kernel which doesn't have a debugger.
> 
> Actually, you could have a look at GNATS to find a way to crash NetBSD.
> If you don't find a software way, you could use a more brutal way like
> pulling the plug or making it overheat. Then you can boot the machine
> into single-user mode... I think it's pretty hard to stealth a PC
> against local attacks.
> 

A couple of good points, but ideally one would have at least some degree of
physical security that would prevent someone from pulling the plug, etc.
Even a bank ATM machine left unattended long enough will succumb to a
crowbar.

At the risk of sounding really dumb, since I haven't really thought this
through, but if the kiosk is running an application, couldn't one use a
non-console USB keyboard and wrap the application in a shell script
such that wsconscfg would attach and detach the keyboard before and after
the application runs?

-- 
Harry Waddell
Caravan Electronic Publishing
-----------

"Well done is better than well said." - Benjamin Franklin