Date: Sat, 28 Jun 1997 00:14:56 -0700 (PDT)
From: Simon Shapiro <Shimon@i-Connect.Net>
To: Bruce Evans <bde@zeta.org.au>
Cc: mburgett@cmnsens.zoom.com, freebsd-hackers@FreeBSD.ORG
Subject: Re: com console, and h/w flow control...
Message-ID: <XFMail.970628001456.Shimon@i-Connect.Net>
In-Reply-To: <199706271720.DAA01015@godzilla.zeta.org.au>

Hi Bruce Evans; On 27-Jun-97 you wrote:

...

> crtscts is not the default, and clocal _is_ the default, to prevent
> processes endless waits for console output. clocal is locked on.
> -current also locks the speed. Perhaps crtscts should be locked
> (off) too. Then stty'ing /dev/ttyd0 would be harder :-).
>
> Bruce

There is a serious security issue here, worth considering (assuming clocal mode ignores modem controls):

One logs in on the serial console from a modem (or terminal server), becomes root and the serial connection drops (noisy modem line, etc.). At this point ANYONE who dials in is ROOT!

Even if you did not log in as root, all one has to do is dial in, type the magic key sequence and be in the kernel debugger.

The most common configuration in an industrial computer setup is to have a group of PC's, in a 19" rackmount, all on serial console, all attached to a terminal server. The terminal server is attached to a modem and/or Ethernet, via which the group of processors is managed.

Actually, we are building just such a system right now.

We ridicule Slowlaris to no end for their incredible stupidity by having just such a ``feature''.

I am SURE I am missing something in this discussion...

Simon
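
An added example, not part of the original message or of FreeBSD's code: a small POSIX C audit tool that reports whether a serial line has clocal set (carrier loss is ignored, so a logged-in session stays attached after the modem drops) and whether hupcl is clear. The function names and RISK_* constants are hypothetical; pass device paths such as /dev/ttyd0 on the command line.

```c
#include <fcntl.h>
#include <stdio.h>
#include <termios.h>
#include <unistd.h>

#define RISK_CLOCAL   0x1  /* modem control ignored: carrier loss sends no SIGHUP */
#define RISK_NO_HUPCL 0x2  /* line is not hung up (DTR kept) on last close */

/* Pure classification of the control flags, so it can be checked without hardware. */
int console_line_risk(const struct termios *t)
{
    int risk = 0;
    if (t->c_cflag & CLOCAL)
        risk |= RISK_CLOCAL;
    if (!(t->c_cflag & HUPCL))
        risk |= RISK_NO_HUPCL;
    return risk;
}

/* Returns the risk bitmask for a device, or -1 if it cannot be inspected.
 * O_NONBLOCK keeps open() from waiting for carrier when clocal is off;
 * O_NOCTTY keeps the line from becoming our controlling terminal. */
int audit_tty(const char *path)
{
    struct termios t;
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;
    int rc = (isatty(fd) && tcgetattr(fd, &t) == 0) ? console_line_risk(&t) : -1;
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        int r = audit_tty(argv[i]);
        if (r < 0) {
            printf("%s: cannot inspect\n", argv[i]);
            continue;
        }
        printf("%s: clocal=%s hupcl=%s%s\n", argv[i],
               (r & RISK_CLOCAL) ? "on" : "off",
               (r & RISK_NO_HUPCL) ? "off" : "on",
               (r & RISK_CLOCAL) ? "  <- session survives carrier drop" : "");
    }
    return 0;
}
```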