From owner-freebsd-security Thu Feb 8 23: 3:38 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 479AA37B491 for ; Thu, 8 Feb 2001 23:03:21 -0800 (PST)
Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Thu, 8 Feb 2001 23:01:26 -0800
Received: (from cjc@localhost) by rfx-216-196-73-168.users.reflexcom.com (8.11.1/8.11.1) id f1973Gx28360; Thu, 8 Feb 2001 23:03:16 -0800 (PST) (envelope-from cjc)
Date: Thu, 8 Feb 2001 23:03:15 -0800
From: "Crist J. Clark"
To: wlodek
Cc: security@FreeBSD.ORG
Subject: Read-Only Partitions Again (was Re: Hi)
Message-ID: <20010208230315.R91447@rfx-216-196-73-168.users.reflex>
Reply-To: cjclark@alum.mit.edu
References: <000b01c091f8$fed0fd40$1f1652d1@timberauctiononline.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <000b01c091f8$fed0fd40$1f1652d1@timberauctiononline.com>; from wlodek@infoserve.net on Thu, Feb 08, 2001 at 09:59:31AM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Feb 08, 2001 at 09:59:31AM -0800, wlodek wrote:
> Hello
> I was wondering if you can help me in mounting FreeBSD in read-only mode.
> I will need two scenarios, one only for two DNS servers and one for an HTTP
> server.
> Here is what I need to know:
> Which files shall I absolutely move to a read-write partition?
> I will have three very small HDs with tasks as follows:
> 1 only swap partition r-w
> 2 file system and binaries r-only HD
> 3 user files r-w but not execute.
> Questions are:
> Which files from the binaries and file system shall I move (and do symbolic
> links) onto a writable partition?
> The above will probably have some variations for the apache machine and for the bind
> machine.

You will want a writable /var partition.
Make everything else on the system a read-only root partition (put what is often broken up into / and /usr in this one partition). If you are changing your zones or webpages with any regularity, you may either want a partition for that or, if there is not a lot of space involved, put it on /var too. Also, remember that if your machine is a secondary, you need to write the zone files somewhere.

The real trick with having a read-only root partition is how to deal with /dev. Depending on how you use the box, you may be able to get away with a read-only /dev, but it can break things. There are ways to hack around this if you need to.

After I've gone to all that trouble to tell you how to do it, I should point out that mounting partitions read-only is not really a security feature. There is no way to prevent root from changing a read-only mount to read-write (with one very, very ugly exception) if the disk is not write protected at the hardware level. And if we are talking about partitions on the same disk, you cannot have some read-only and some read-write partitions with a hardware read-write protect.

And after that, I'll tell you I made a really, really trivial hack to the kernel code so that the mount(2) call is deactivated at raised securelevels, which does make read-only mounts a security feature. If you can't find it in the archive, I can dig it up.

-- 
Crist J. Clark                          cjclark@alum.mit.edu
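As an added example (not code from the message above, nor from FreeBSD itself), the following POSIX shell script audits an fstab(5), or the fstab-format output of `mount -p` on a running FreeBSD host, against the layout Crist recommends: a single read-only root that also holds /usr, a separate writable /var, swap, and a user-data partition that is writable but noexec (nosuid is added as ordinary good practice). The device names, mount points and the two sample fstab texts are constructed for the example and do not describe any real machine.

```shell
#!/bin/sh
# Added example: check an fstab (or `mount -p` output) against the read-only-root
# layout described in the thread. Everything below is constructed for illustration.

# Constructed sample in fstab(5) format: the layout the message recommends.
GOOD_FSTAB='# Device      Mountpoint  FStype  Options           Dump  Pass
/dev/ad0s1b   none        swap    sw                0     0
/dev/ad1s1a   /           ufs     ro                1     1
/dev/ad2s1e   /var        ufs     rw                2     2
/dev/ad2s1f   /home       ufs     rw,noexec,nosuid  2     2
'

# Constructed counter-example: rw root, separate /usr, no /var, executable user data.
BAD_FSTAB='/dev/ad0s1b   none   swap  sw  0 0
/dev/ad1s1a   /      ufs   rw  1 1
/dev/ad1s1d   /usr   ufs   ro  2 2
/dev/ad2s1f   /home  ufs   rw  2 2
'

# fstab_opts FSTAB MOUNTPOINT: print the options field of MOUNTPOINT, or nothing.
fstab_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { print $4 }'
}

# has_opt OPTS OPT: succeed if OPT appears in the comma-separated OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# audit_fstab FSTAB: print one finding per line; succeed only when there are none.
audit_fstab() {
    fstab=$1
    rc=0

    root_opts=$(fstab_opts "$fstab" /)
    if ! has_opt "$root_opts" ro; then
        echo "/ is not mounted read-only (options: ${root_opts:-none})"
        rc=1
    fi

    # "You will want a writable /var partition": logs, spool and mail land there.
    var_opts=$(fstab_opts "$fstab" /var)
    if [ -z "$var_opts" ]; then
        echo "/var has no separate partition; a read-only root will break logging and spool"
        rc=1
    elif has_opt "$var_opts" ro; then
        echo "/var is mounted read-only"
        rc=1
    fi

    # The advice is to fold /usr into the single read-only root, not split it out.
    if [ -n "$(fstab_opts "$fstab" /usr)" ]; then
        echo "/usr is a separate partition; put it in the read-only root instead"
        rc=1
    fi

    # Any other rw file system (the user-data disk) should carry noexec.
    noexec_findings=$(printf '%s\n' "$fstab" | awk '
        $1 !~ /^#/ && NF >= 4 && $3 != "swap" && $2 != "/" && $2 != "/var" &&
        $4 ~ /(^|,)rw(,|$)/ && $4 !~ /(^|,)noexec(,|$)/ { print $2 " is rw but lacks noexec" }')
    if [ -n "$noexec_findings" ]; then
        echo "$noexec_findings"
        rc=1
    fi

    return $rc
}

# Usage on a FreeBSD host: audit_fstab "$(cat /etc/fstab)" or audit_fstab "$(mount -p)".
# Caveat from the message: a passing audit is a configuration check, not a security
# boundary; root can still run `mount -u -o rw /` unless the kernel refuses mount(2)
# at raised securelevel or the disk is write-protected in hardware.
audit_fstab "$GOOD_FSTAB" && echo "layout matches the recommended read-only root setup"
```

The checks are done on the fstab text rather than on live mounts so the script runs anywhere; the noexec rule is applied to every rw file system other than / and /var, which is the generalization of wlodek's "user files r-w but not execute" disk. The message's secondary-nameserver point (the zone files must be written somewhere writable) is not checked here, because where the zones live is a BIND configuration question the fstab alone cannot answer.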