
RE: More BCP: revenge of RS232 and CLIs



On Thu, 23 Oct 2003, Randy Bush wrote:

> i can load code via rs232?

The operational security requirement would seem to be the
ability to load updated code SOMEHOW in a secure, isolated, offline
kind of way.  Imagine that some malware scrogs the OS such
that you can't load it/have it talk to the network.
An RS232 interface with code uploading capability would
be one obvious way to recover.  Local CDs would be another
if you have them and are willing to support that paradigm.

I forget the context, but recently (@ NANOG ?) I heard
someone quoting numbers saying that the average time for
an unpatched Windows box connected to the net to be 0wn3d
was less than the time required to connect to Microsoft's
update site and patch the box.  Oops.  Offline update
is a requirement.


>
> [ off stage: sounds off scrounging through the freebsd ports tree
>   for serial xmodem ]
>
> i may be a bit confused by a number of requirements being buried
> in a proposed solution:
>   o yet another oob cli path, pots/modem

OoB can be either RS232/Serial/CLI style interface
or separate IP interface... but something's got
to work even when IP/OS is screwed up.

>   o a serial cli craft interface

???

>   o yet another code load path

Actually, to date, nothing has been said about code
load paths.   That's an omission.  I'm going to fix it.


Thanks,
---George