Subject: Re: [ADVISORY] 4.4BSD Securelevels (fwd)
To: Angelos D. Keromytis <angelos@dsl.cis.upenn.edu>
From: Andrew Brown <codewarrior@daemon.org>
List: tech-security
Date: 06/26/1997 00:30:26

>>should we also consider that if you can get console access to a
>>machine that has ddb in the kernel, it's trivial to set the
>>securelevel to something arbitrary?
>
>Well, you don't need physical access to exploit this bug, AFAICT.

the one addressed in the advisory, no, but for the ddb thing you do.

>And if you can get physical access to a machine, you can pretty much
>do as you please with it, ddb or not.

perhaps i'm going a little too far here (ducks to avoid bricks) but it
seems to me that a machine to which you have console access that
also has ddb is not much more secure than a dos machine...

-- 
|-----< "CODE WARRIOR" >-----|
andrew@echonyc.com (TheMan)        * "ah!  i see you have the internet
codewarrior@daemon.org                               that goes *ping*!"
warfare@graffiti.com      * "information is power -- share the wealth."