From owner-freebsd-arch Fri Mar 16 9:53: 6 2001 Delivered-To: freebsd-arch@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 4172337B728 for ; Fri, 16 Mar 2001 09:52:56 -0800 (PST) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id JAA28502; Fri, 16 Mar 2001 09:52:48 -0800 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda28498; Fri Mar 16 09:52:36 2001 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.2/8.9.1) id f2GHqVP45887; Fri, 16 Mar 2001 09:52:31 -0800 (PST) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdj45885; Fri Mar 16 09:51:58 2001 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.3/8.9.1) id f2GHpvA04419; Fri, 16 Mar 2001 09:51:57 -0800 (PST) Message-Id: <200103161751.f2GHpvA04419@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdqQ4413; Fri Mar 16 09:51:10 2001 X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-Sender: schubert To: Warner Losh Cc: freebsd-arch@FreeBSD.ORG Subject: Re: flags settings for modules In-reply-to: Your message of "Thu, 15 Mar 2001 01:16:06 MST." <200103150816.f2F8G6920260@harmony.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 16 Mar 2001 09:51:10 -0800 Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <200103150816.f2F8G6920260@harmony.village.org>, Warner Losh writes: > In message <20010314111629.A1018@dragon.nuxi.com> "David O'Brien" writes: > : So the question is do we want to keep my change? If so, shouldn't we use > : "schg" in a *lot* more places? Otherwise it's use is nebulous > > I think the change is premature. Until such time as we have a > convenient way to build a system that all vectors to compromise of > schg have been plugged, setting it to gain "security" is at best > folly. > > I do not argue that one could set schg on files by hand and might be > able to not miss any, such an undertaking is still very very > difficult. You have to make sure that all the rc scripts are schg. > And then all scripts that are run before we raise secure level. And > all binaries that are touched (and facist path policing of all > scripts). And then there's all the libraries that are linked in > against those binaries. And then there are all the modules loaded by > default or by the loader. And you have to secure the loader agianst > change in a similar way. And let's not forget any config files that > all these files/programs use. Oh, and let's not forget those things > that are too obscure for me to think of there. > > There are likely items in the list that I've forgotten. Since the > list is still so long, and since there's no one working on tightening > things up, I think that adding schg to modules is premature and will > cause more hassles than it is worth. > > Before people think that I don't think that this is worth it, or that > I have a negative attitude, I would like to point out that I think > work in this area would be beneficial. A script in /usr/sbin or a port might be the best answer. Maintaining this script might be another story. I'm currently working on a Tripwire 2.3.1 port and building the default policy file for FreeBSD has been a tedious process. I would think that building an schg script or port would be just as tedious. I could generate the script/port based on my work on the FreeBSD Tripwire policy file I'm currently building for the upcoming Tripwire 2.3.1 port. If people like this idea, I can do the work as it dovetails nicely with the Tripwire work I've been doing. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message