From owner-freebsd-security Thu Apr 16 10:34:24 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA24065 for freebsd-security-outgoing; Thu, 16 Apr 1998 10:34:24 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA24021 for ; Thu, 16 Apr 1998 17:34:12 GMT (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.8.8/8.8.8) id NAA06347; Thu, 16 Apr 1998 13:34:06 -0400 (EDT) (envelope-from wollman) Date: Thu, 16 Apr 1998 13:34:06 -0400 (EDT) From: Garrett Wollman Message-Id: <199804161734.NAA06347@khavrinen.lcs.mit.edu> To: rotel@indigo.ie Cc: Robert Watson , freebsd-security@FreeBSD.ORG Subject: Re: securelevels and more liberal use of schg on system files (fwd) In-Reply-To: <199804161429.PAA02651@indigo.ie> References: <199804161429.PAA02651@indigo.ie> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk < said: > The default protections applied by make installworld seem to be > rather half hearted alright. :) Anyone planning to run with > securelevel >0 with the current install script would be well advised > to supplement them. It would be very nice to see someone think > through which binaries need to be protected as part of an overall > brainstorming session about making securelevels useful. My secure system runs with all major system directories append-only. In order for an attacker to replace an important program, he would first have to delete it (since he can't open it for write), which sappnd prevents. It also has a very restricted set of network services: anon ftp, Web cache, eklogin, and CVSup mirror---that's it. (Well, you can probably finger it, too.) -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message