On 1043626000 seconds since the Beginning of the UNIX epoch
Christian Biere wrote:
>

>Actually, you could have a look at GNATS to find a way to crash NetBSD.
>If you don't find a software way, you could use a more brutal way like
>pulling the plug or make it go overheat. Then you can boot the machine
>into single-user mode... I think, it's pretty hard to stealth a PC
>against local attacks.

Yes, I wrote that email before my first meal of the day and so I
hadn't quite remembered all the steps.  You can get around that
one with a bit of effort, starting with marking the console as
insecure so that single user mode requires the root password.
You'd probably want to modify the boot blocks to refuse to boot
alternate kernels as well.

It should be possible to secure the system pretty well if the only
access the potential adversary has is the keyboard and the screen,
though, and if it is not we should address the issue.

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/