Date: Fri, 17 Dec 1999 23:17:06 -0800
From: Steve Reid <sreid@sea-to-sky.net>
To: "Matthew B. Henniges" <matt@axl.net>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: partition sizes and securelevel questions
Message-ID: <19991217231706.A921@grok.localnet>
In-Reply-To: <NDBBJIOBFAJNKGAGLICJGEMIDOAA.matt@axl.net>; from Matthew B. Henniges on Fri, Dec 17, 1999 at 05:02:57PM -0500
References: <19991217124743.A141@comcen.com.au> <NDBBJIOBFAJNKGAGLICJGEMIDOAA.matt@axl.net>
On Fri, Dec 17, 1999 at 05:02:57PM -0500, Matthew B. Henniges wrote:
> In any case, I'm just trying to get the benefits of securelevels without
> being screwed if say a local root hole was found in /sbin/ping (couldn't
> update the binary due to immutable flag), and log rotation (append only).
> Anyone have any better ideas?

I was thinking, have a place for PGP-signed scripts that could be executed pre-securelevel. When you need to make a change, create a script, check it over (so you don't shoot yourself in the foot), sign it, stick it in a special directory and reboot.

I've been meaning to implement it myself but I haven't gotten around to it yet. If someone else gets to it before I do, I know of two technical issues with PGP-signed scripts:

1- Scripts should require a sequence number to prevent replay attacks.

2- Some/all versions of PGP (2.6.* for sure, maybe later versions also) don't include anything before the first blank line in the signature. That is, you can insert stuff at the top of the PGP-signed file before the first blank line without invalidating the signature.

Also, with regards to the boot scripts, it would be a very good idea to separate the boot process into what absolutely must be done pre-securelevel, and what can be done after. Then you can set immutable the pre-securelevel rc scripts and everything they call. This would allow you to lock down what you must lock down while still being able to edit the post-securelevel stuff without unnecessary hassle.

Any further discussion on this matter should probably be directed to the freebsd-security list.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991217231706.A921>
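The scheme sketched in the message above (signed scripts dropped in a directory and run before securelevel is raised, a sequence number against replay, and care about which bytes the signature actually covers), written out as an added example that is not part of the thread or of FreeBSD. It assumes GnuPG rather than PGP 2.6, and the paths under /var/db/presecure, the "# seq: N" convention inside each script, the placeholder SIGNER_FPR fingerprint and the function names are all assumptions of this example. It is meant to be called as "presecure.sh run" from an rc script that is itself set schg and runs before the securelevel goes to 1.

```shell
#!/bin/sh
# Added example (not from the thread): run PGP-signed scripts from a drop
# directory before securelevel is raised. Assumptions: GnuPG instead of
# PGP 2.6, the paths below, and a "# seq: N" line inside each script.
# Call from an rc script that is itself chflags schg, before the
# securelevel is raised (chflags noschg stops working afterwards).

PENDING_DIR=${PENDING_DIR:-/var/db/presecure/pending}   # drop *.asc here
SEQ_FILE=${SEQ_FILE:-/var/db/presecure/seq}             # last accepted seq
KEYRING=${KEYRING:-/var/db/presecure/admin.gpg}          # admin public key only
# Placeholder: fingerprint of the one key allowed to sign scripts.
SIGNER_FPR=${SIGNER_FPR:-0000000000000000000000000000000000000000}

# Print the sequence number declared in the signed body as "# seq: N"
# (first match only); print nothing if it is absent or malformed.
seq_of_script() {
    sed -n 's/^# seq:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Succeed only if $1 is a non-negative integer strictly greater than the
# number recorded in file $2 (a missing file counts as 0). A corrupted
# record refuses everything rather than silently resetting the counter.
seq_is_fresh() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    seq_last=0
    if [ -r "$2" ]; then seq_last=$(cat "$2"); fi
    case $seq_last in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -gt "$seq_last" ]
}

# Record $1 as the last accepted sequence number in $2. The file is kept
# schg between boots so nothing running after securelevel is raised can
# wind the counter back; we are still pre-securelevel here, so noschg works.
record_seq() {
    chflags noschg "$2" 2>/dev/null || true
    printf '%s\n' "$1" > "$2"
    chflags schg "$2" 2>/dev/null || true
}

# Verify the clearsigned file $1 and write ONLY the signed text to $2.
# Executing gpg's extracted output, never the original file, is what
# closes issue 2 from the thread: lines before the first blank line (and
# anything prepended before the armor) never reach the interpreter.
verify_and_extract() {
    gpg_status=$(gpg --batch --no-tty --quiet \
        --no-default-keyring --keyring "$KEYRING" --trust-model always \
        --status-fd 1 --yes --output "$2" --decrypt "$1" 2>/dev/null) || return 1
    # Pin the signer: a good signature from any other key in the ring is rejected.
    printf '%s\n' "$gpg_status" | grep -q "^\[GNUPG:\] VALIDSIG $SIGNER_FPR "
}

run_pending() {
    for signed in "$PENDING_DIR"/*.asc; do
        [ -f "$signed" ] || continue
        body=$(mktemp) || exit 1
        if verify_and_extract "$signed" "$body"; then
            seq=$(seq_of_script "$body")
            if seq_is_fresh "$seq" "$SEQ_FILE"; then
                # Record before running: a script that fails half way cannot
                # simply be replayed at the next boot; a retry needs a fresh
                # signature carrying a higher number.
                record_seq "$seq" "$SEQ_FILE"
                logger -t presecure "running seq $seq from $signed"
                /bin/sh "$body" || logger -t presecure "seq $seq exited $?"
            else
                logger -t presecure "rejected $signed: stale or missing seq '$seq'"
            fi
        else
            logger -t presecure "rejected $signed: bad or unpinned signature"
        fi
        rm -f "$body" "$signed"   # one shot either way; nothing lingers
    done
}

# Only act when invoked as "presecure.sh run", so the file can also be
# sourced (for instance by a test harness) without touching the system.
case ${1:-} in run) run_pending ;; esac
```

On the signing side the administrator writes the script with a "# seq: N" line, reviews it, runs "gpg --clearsign script.sh" and copies the resulting script.sh.asc into PENDING_DIR before rebooting. Two design points matter more than the shell: the interpreter only ever sees the text gpg itself verified and extracted, so the unsigned region at the top of a PGP 2.6-style clearsigned file cannot smuggle commands in, and the accepted sequence number is written (and set schg) before the script runs, so neither a crash nor a copy of an old .asc file lets the same script run twice. The pending directory itself does not need to be immutable, since unsigned or stale content in it is simply deleted.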
