Subj : Re: recent projects
To   : Mike Powell
From : Jeff Thiele
Date : Sat Aug 13 2022 11:00 am

On 13 Aug 2022, Mike Powell said the following...
 MP> As the SBC it was all running on is public facing, I didn't want the
 MP> version of linux running under it all to get too long in the tooth. 
 MP> Once I upgraded it, I could never get it all working again.

This is the main reason I prefer FPGAs to emulation on an SBC for
public-facing projects such as BBSs, although this has really got me
thinking about security on FPGA-based hardware.

Right now, I have a Raspberry Pi running Mystic BBS software. If a caller
were able to break that software, they could possibly gain access to the
underlying OS, which is plenty powerful enough to go exploring my home
network, even without root privileges. It's not public-facing, for that
reason.

A BBS running on an emulated system, itself running on a Raspberry Pi, is
perhaps slightly more complicated, but not all that different. If someone
were able to break the BBS software, they might be able to gain access to the
emulated system (more on that below). Breaking that, they'd be able to access
the underlying modern OS.

A BBS running on DEC OS/8, running on an FPGA implementation of a PDP-8 would
be a different story, I thought before writing this, because there's nowhere
to go after breaking the PDP-8 FPGA implementation; beyond that is only
hardware.

So a malicious caller would, at best, have a PDP-8 system with a WiFi modem
at their disposal. Could that be used to wreak havoc on the local network?
Yes, given someone with enough PDP-8 knowledge, I now believe it could. It
wouldn't be easy, but it would be possible.

Hmm.

Jeff.

--- Mystic BBS v1.12 A46 2020/08/26 (Raspberry Pi/32)
 * Origin: Cold War Computing BBS (1:387/26)

.