: > generated, DDB is the only way to figure out what is going on.
: > securelevel is a mechanism which attempts to guarantee data security,
: > at least to a degree. These two items do not clash.
: >
:
:Anyway, as soon as you can physically access the PC, you'd lose anyway,
:independent of whether you can go into DDB to do things. You can reboot,
:boot a floppy. Yes you can do something about those things, but only to
:a limited extent.
:
:Nick

I wasn't really thinking of the console-on-vty case. I was thinking
of the console-on-serial-port case. When you have a rack of PCs you
usually hang the console off a serial port and throw it into a portmaster
or another machine w/ a multi-port card in it.

There are two reasons for doing this. First in order to be able to log
all messages sent to the console on a separate box, and second to be able
to perform maintenance on the machines & deal with panics, lockups, and
other situations for which DDB might be useful without having to haul the
cart with the video monitor and keyboard physically over to the machine.
This also comes in useful when dealing with network attacks that make it
impossible to log into a machine the normal way.

But, unfortunately, putting the console on a serial port creates
vulnerabilities when DDB is enabled. You are, essentially, creating
an unintentional backdoor into the system. Hence the problem.

-Matt
Matthew Dillon
<[EMAIL PROTECTED]>