From owner-freebsd-security  Tue Sep  7  8:59:48 1999
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5C88414D73; Tue,  7 Sep 1999 08:59:43 -0700 (PDT)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id IAA81847;
	Tue, 7 Sep 1999 08:58:45 -0700 (PDT)
	(envelope-from dillon)
Date: Tue, 7 Sep 1999 08:58:45 -0700 (PDT)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199909071558.IAA81847@apollo.backplane.com>
To: Nick Hibma <nick.hibma@jrc.it>
Cc: Greg Black <gjb-freebsd@gba.oz.au>,
	Dag-Erling Smorgrav <des@flood.ping.uio.no>,
	KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp>, bde@zeta.org.au,
	freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Init(8) cannot decrease securelevel 
References:  <Pine.GS4.4.10.9909070811400.5634-100000@elect8>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

: >    generated, DDB is the only way to figure out what is going on.  
: >    securelevel is a mechanism which attempts to guarentee data security,
: >    at least to a degree.  These two items do not clash.
: > 
:
:Anyway, as soon as you can physically access the PC, youD loose anyway,
:independent of whether you can go into DDB to do things. You can reboot,
:boot a floppy. Yes you can do something about those things, but only to
:a limited extent.
:
:Nick

    I wasn't really thinking of the console-on-vty case.  I was thinking
    of the console-on-serial-port case.  When you have a rack of PC's you
    usually hang the console off a serial port and throw it into a portmaster
    or another machine w/ a multi-port card in it.

    There are two reasons for doing this.  First in order to be able to log
    all messages sent to the console on a separate box, and second to be able
    to perform maintenance on the machines & deal with panics, lockups, and 
    other situations for which DDB might be useful without having to haul the
    card with the video monitor and keyboard physically over to the machine.

    This also comes in useful when dealing with network attacks that make it
    impossible to log into a machine the normal way.

    But, unfortunately, putting the console on a serial port creates 
    vulnerabilities when DDB is enabled.  You are, essentially, creating
    an unintentional backdoor into the system. Hence the problem.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message