Date: Thu, 5 Oct 2000 01:26:59 -0400 (EDT) From: Mike Nowlin <mike@argos.org> To: Gabriel Ambuehl <gabriel_ambuehl@buz.ch> Cc: security@FreeBSD.ORG Subject: Re: Re[2]: BSD chpass (fwd) Message-ID: <Pine.LNX.4.21.0010050116090.17757-100000@jason.argos.org> In-Reply-To: <12917380571.20001004204942@buz.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
> Wednesday, October 04, 2000, 12:08:59 PM, you wrote: > > of the script kid population). A really clever attacker would modify > > your securelevel settings in rc.conf, reboot the machine making it > > look like a panic or power surge > > What about setting schg for it as well? You'd just need to find a way > to change it yourself (not sure about it, but it should be changeable > in single user mode which is fortunately only controllable by the > console). Many moons ago, I was poking around in the securelevel "setting" code, and had an idea... (Ding!) How about some hardware flag (such as a bit on the game port connected to a one-shot 555 timer or something) that, when set, will allow you to lower the secure level w/o rebooting? Hit the button, the bit goes low, and you have 15 seconds to lower the securelevel before the bit goes high again and blocks the change (default action). Could also be wired to the (rather pointless) turbo switch that is still being put on a lot of cases... Yes? No? Stupid idea? --mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.21.0010050116090.17757-100000>