Subject: Re: [ADVISORY] 4.4BSD Securelevels (fwd)
To: Andrew Brown <codewarrior@daemon.org>
From: Jason Thorpe <thorpej@nas.nasa.gov>
List: current-users
Date: 06/25/1997 21:15:38

On Thu, 26 Jun 1997 00:11:56 -0400 (EDT)
 codewarrior@daemon.org (Andrew Brown) wrote:

 > should we also consider that if you can get console access to a
 > machine that has ddb in the kernel, it's trivial to set the
 > securelevel to something arbitrary?

I think that's a fairly well-known thing :-)  If you can get access to
the console, the system isn't all that secure, anyhow.  Heck, removing
the power cord is an effective DOS attack :-)

If you are in a situation where you have to grant console access, common
sense would tell you to not allow access to the kernel debugger... I
really doubt it warrants an advisory :-)

Jason R. Thorpe                                       thorpej@nas.nasa.gov
NASA Ames Research Center                               Home: 408.866.1912
NAS: M/S 258-6                                          Work: 415.604.0935
Moffett Field, CA 94035                                Pager: 415.428.6939