[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200809291855.m8TItQGr022287@cvs.openbsd.org>
Date: Mon, 29 Sep 2008 12:55:26 -0600
From: Theo de Raadt <deraadt@....openbsd.org>
To: Florian Weimer <fw@...eb.enyo.de>
Cc: Brett Lymn <blymn@...systems.com.au>,
B 650 <dunc.on.usenet@...glemail.com>, bugtraq@...urityfocus.com
Subject: Re: Sun M-class hardware denial of service
> On the other hand, I generally prefer a "trust me, I know what I'm
> doing" switch on the systems I deal with. It's really frustrating if a
> system tries to protect itself from me, and consequently fails to comply
> with the actual requirements in this situation.
As well, note that a power-off of the system is apparently not
sufficient (or so I am led to understand).
You have to call Sun, provide your serial number, and an engineer
comes on-site to reset the faulted domain, and then power cycles the
machine.
Then after it happens too many times, the Sun engineer will opt to
provide the instructions and email a 48-hour-use one-time-password
that will let the owner of the machine do it themselves. Enter the
password, type a few commands, and power the machine off.
That is my understanding of how the situation worked for the machine
where our developers were causing this problem.
That isn't just the system protecting you from yourself; that's a
non-clearable fault causing multiple service calls.
Powered by blists - more mailing lists