Dave Feustel wrote:
> I thought you had more insight. All of OpenBSD's security is at risk with
> this technology.

The security features of an OS will not stop a physical attack, no
matter how well designed. This is no different than the admin leaving
root's password on a post-it note stuck to the underside of the file
drawer. If you don't trust your physical environment, change it. In
this case, I'd remove the 'secure' flag from ttyCn, and use either a
serial console or SSH in from a keyboard I trusted (by buying it myself
from a retailer, and using appropriate tamper-evident tape).
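
A check for the change suggested above, as an added example that is not part of the original message: it lists the ttyC* entries of a ttys(5)-format file that still carry the `secure` flag, which is what permits direct root login on that terminal. The sample file contents and the function names `sample_ttys` and `secure_ttyc` are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ttyC* entries that still have "secure" set in an
# OpenBSD-style ttys(5) file.

# Constructed sample input, not taken from a real host.
sample_ttys() {
    cat <<'EOF'
# name  getty                          type   status
console "/usr/libexec/getty std.9600"  vt220  off secure
ttyC0   "/usr/libexec/getty std.9600"  vt220  on  secure
ttyC1   "/usr/libexec/getty std.9600"  vt220  on
ttyC2   "/usr/libexec/getty std.9600"  vt220  off secure  # spare
#ttyC3  "/usr/libexec/getty std.9600"  vt220  on  secure
tty00   "/usr/libexec/getty std.9600"  vt220  on  secure
EOF
}

# secure_ttyc FILE: print the name of every ttyC* entry flagged secure,
# one per line. Disabled ("off") entries are reported too, since the flag
# takes effect as soon as the line is switched on.
secure_ttyc() {
    awk '
        /^[ \t]*#/ { next }               # whole-line comments
        $1 ~ /^ttyC[0-9a-zA-Z]+$/ {
            line = $0
            gsub(/"[^"]*"/, "", line)     # drop the quoted getty command
            sub(/#.*/, "", line)          # drop a trailing comment
            n = split(line, f, /[ \t]+/)
            for (i = 2; i <= n; i++)
                if (f[i] == "secure") { print $1; break }
        }
    ' "$1"
}

# Demo run against the constructed sample.
tmp=$(mktemp)
sample_ttys > "$tmp"
echo "ttyC entries still marked secure:"
secure_ttyc "$tmp"
rm -f "$tmp"
```

On a live system the argument would be `/etc/ttys`; init(8) re-reads that file when sent SIGHUP.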