Subject: Re: Ctrl+Alt+Esc = db>
To: None <current-users@netbsd.org>
From: Harry Waddell <waddell@caravan.com>
List: current-users
Date: 01/26/2003 18:01:21
On Mon, 27 Jan 2003 01:06:40 +0100
Christian Biere <christianbiere@gmx.de> wrote:
> Roland Dowdeswell <elric@imrryr.org> wrote:
>
> > It should be secure, if you turn the debugger off either via sysctl:
> >
> > # sysctl -w ddb.opanic=0
> > # sysctl -w ddb.fromconsole=0
> >
> > or compile a kernel which doesn't have a debugger.
>
> Actually, you could have a look at GNATS to find a way to crash NetBSD.
> If you don't find a software way, you could use a more brutal way like
> pulling the plug or make it go overheat. Then you can boot the machine
> into single-user mode... I think, it's pretty hard to stealth a PC
> against local attacks.
>
A couple good points, but ideally one would have at least some degree of
physical security that would prevent someone from pulling the plug, etc...
Even a bank atm machine left unattended long enough will succumb to a
crow bar.
At the risk of sounding really dumb, since I haven't really thought this
through, but if the kiosk is running an application, couldn't one use a
non-concole usb keyboard and wrap the application in a shell script
such that wsconscfg would attach and detach the keyboard before and after
the application runs?
--
Harry Waddell
Caravan Electronic Publishing
-----------
"Well done is better than well said." - Benjamin Franklin