From owner-freebsd-security@FreeBSD.ORG  Wed Sep 17 00:36:04 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BA18216A4B3
	for <freebsd-security@freebsd.org>;
	Wed, 17 Sep 2003 00:36:04 -0700 (PDT)
Received: from msresearch.ma.cx (D950b.pppool.de [80.184.149.11])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5F2B043F75
	for <freebsd-security@freebsd.org>;
	Wed, 17 Sep 2003 00:36:01 -0700 (PDT)
	(envelope-from root@msresearch.ma.cx)
Received: from msresearch.ma.cx (localhost.msresearch.org [127.0.0.1])
	by msresearch.ma.cx (8.12.9/8.12.9) with ESMTP id h8H7ZHnV049800;
	Wed, 17 Sep 2003 09:35:18 +0200 (CEST)
	(envelope-from root@msresearch.ma.cx)
Received: (from root@localhost)
	by msresearch.ma.cx (8.12.9/8.12.9/Submit) id h8H7ZFAn049799;
	Wed, 17 Sep 2003 09:35:15 +0200 (CEST)
	(envelope-from root)
Date: Wed, 17 Sep 2003 09:35:15 +0200
From: michael <michael@nettmail.de>
To: Nikolay Kanchev <niki@amk-drives.bg>,
	freebsd-security@freebsd.org
Message-ID: <20030917073514.GA49432@brenner.msresearch.org>
References: <20030916182147.2C2A816A4C0@hub.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030916182147.2C2A816A4C0@hub.freebsd.org>
User-Agent: Mutt/1.4.1i
Subject: Re: freebsd-security Digest, Vol 26, Issue 1
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Sep 2003 07:36:04 -0000

Hi,

you should also disable the booting from cdrom or
better remove the connctor-cable from the cdrom-drive.

I be an experienced Admin and I know how to mount bsd-partitions
w/o any logging.....use the SuSE-8.2 cdrom and start the rescue-system
(i know not if it is possible with the original CD, may
i have an modified frm me) this allow you to mount any partition
an slice on the disks in the physical system.

And at this point you have loosed all the security-solutions in the
BSD themselfes. You should really connect an special crafted 
Hardware-Keylogger.

I mean you can found an plan from this whit modified cabling
to log the keystrokes to an another box (doubling and logging)
or to logging into the serial-interface from another box..


btw

Michael