From owner-freebsd-security  Thu Apr 16 10:34:24 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA24065
          for freebsd-security-outgoing; Thu, 16 Apr 1998 10:34:24 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA24021
          for <freebsd-security@FreeBSD.ORG>; Thu, 16 Apr 1998 17:34:12 GMT
          (envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.8.8/8.8.8) id NAA06347;
	Thu, 16 Apr 1998 13:34:06 -0400 (EDT)
	(envelope-from wollman)
Date: Thu, 16 Apr 1998 13:34:06 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <199804161734.NAA06347@khavrinen.lcs.mit.edu>
To: rotel@indigo.ie
Cc: Robert Watson <robert+freebsd@cyrus.watson.org>,
        freebsd-security@FreeBSD.ORG
Subject: Re: securelevels and more liberal use of schg on system files (fwd)
In-Reply-To: <199804161429.PAA02651@indigo.ie>
References: <robert@cyrus.watson.org>
	<199804161429.PAA02651@indigo.ie>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

<<On Thu, 16 Apr 1998 15:29:32 +0000, Niall Smart <rotel@indigo.ie> said:

> The default protections applied by make installworld seem to be
> rather half hearted alright.  :) Anyone planning to run with
> securelevel >0 with the current install script would be well advised
> to supplement them.  It would be very nice to see someone think
> through which binaries need to be protected as part of an overall
> brainstorming session about making securelevels useful.

My secure system runs with all major system directories append-only.
In order for an attacker to replace an important program, he would
first have to delete it (since he can't open it for write), which
sappnd prevents.  It also has a very restricted set of network
services: anon ftp, Web cache, eklogin, and CVSup mirror---that's it.
(Well, you can probably finger it, too.)

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message