Subject: Re: aperture driver
To: maximum entropy <entropy@zippy.bernstein.com>
From: Ted Lemon <mellon@isc.org>
List: port-i386
Date: 05/07/1999 19:00:33
> Doing that is going to be much more difficult than just grovelling
> around in /dev/mem or /dev/kmem.  It will also be fairly obvious if
> someone kills xdm in order to gain access to the aperture driver to
> issue commands to the card (remember, it is limited to one
> simultaneous open()).

So do it at 9am, when no sane hacker will be awake and logged on.

> If I'm correctly following your line of reasoning, NetBSD shouldn't
> have securelevels at all, or immutable flags, or any other security
> features, because once someone has cracked root, it's possible in one
> way or another to circumvent all these things (e.g. by installing a
> new kernel compiled with ``options INSECURE'' defined).  Not everyone
> agrees with this reasoning.  In some cases, blocking a "casual" attack
> on a machine is enough, and making it more obvious that a concerted
> attack has occurred is desirable.

Used properly, you can't break NetBSD this way, because the kernel is
one of the most *obvious* things that needs to be immutable.  Of
course, there also needs to be a way to protect the source tree, or
the fact that the kernel is immutable won't help you next time a
legitimate kernel build is done.

A genuinely secure installation using securelevel is something I doubt
any NetBSD hacker has ever done, particularly since the CVS sources
aren't that secure, but it is theoretically possible.  I'm not at all
sure how to secure the kernel in the presence of cards like the one
Perry describes.

			       _MelloN_