Joco Salvatti wrote:
Let's suppose an attacker entered the room where an OpenBSD server is located in, and by mistake the system administrator has forgotten to logout the root login session. So the attacker could enter in single user mode, without the need for the root password, and load a malicious kernel module. He also could do millions of other things, but changing root's password, because the system administrator would notice it immediatelly. I believe it could be more difficult for the attacker if there were a different password to log in the system in single user mode.
He can also boot from cdrom or usb and then install everything you described. He can also remove the hard drive and mount it in a laptop. He can install a hardware key logger. etc.
Nonce someone has physical access, all is lost with current hardware. Cheers, Dries
