From owner-freebsd-security Thu Aug 22 19:06:16 2002
Date: Thu, 22 Aug 2002 19:06:10 -0700 (PDT)
From: Brian Buchanan
To: freebsd-security@FreeBSD.ORG
Subject: Re: kern/22142: securelevel does not affect mount
In-Reply-To: <200208230144.g7N1itTB030484@freefall.freebsd.org>
Message-ID: <20020822185704.Y87847-100000@thought.holo.org>

I agree with this in principle. I've already applied a similar patch to the kernel running on my firewall at home.

This machine boots off compact flash media and all of its r/w filesystems are MFS, mounted noexec, nodev (with the exception of /dev, of course). With the securelevel raised, I can be reasonably certain that the compact flash's filesystem cannot be tampered with (or inadvertently changed for any reason). The machine can be power-cycled at any time to restore it to a known state. And as a bonus, any exploits which depend on writing an executable to the filesystem cannot work.

My main concern is continuing to add restrictions to the one-dimensional securelevel scheme. Though I suppose this is something which MAC will soon allow us to solve.
- Brian
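The layout Brian describes (read-only boot media, every read/write filesystem an MFS mounted noexec,nodev, /dev the only exception, securelevel raised) can be checked mechanically. The following POSIX sh audit is an added example, not code from the mail or from FreeBSD; it reads fstab-format lines such as `mount -p` prints (spec, mount point, fstype, options, dump, pass), flags rw mounts outside /dev that lack noexec or nodev, and uses a constructed mount listing as input.

```sh
#!/bin/sh
# Added audit script (not from the original mail). SAMPLE_MOUNTS is
# constructed test data in `mount -p` (fstab) format, not output from a real
# host. The last entry deliberately lacks noexec so the audit has something
# to report.
SAMPLE_MOUNTS='/dev/ad0s1a / ufs ro 1 1
/dev/md0 /tmp mfs rw,noexec,nodev 0 0
/dev/md1 /var mfs rw,noexec,nodev 0 0
/dev/md2 /var/log mfs rw,nodev 0 0
devfs /dev devfs rw 0 0'

# has_opt OPTIONS NAME: succeed if NAME is one of the comma-separated OPTIONS
# (exact match, so "noexec" does not match a hypothetical "noexecx").
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_mounts: read fstab-format lines on stdin; print "<mountpoint> missing
# <opt>" for every rw mount outside /dev that lacks noexec or nodev.
# Returns 0 when the listing is clean, 1 otherwise.
audit_mounts() {
    bad=0
    while read -r spec mnt fstype opts dump pass; do
        [ -z "$spec" ] && continue
        has_opt "$opts" rw || continue   # read-only mounts cannot be written to
        [ "$mnt" = /dev ] && continue    # device nodes must be allowed here
        for want in noexec nodev; do
            if ! has_opt "$opts" "$want"; then
                echo "$mnt missing $want"
                bad=1
            fi
        done
    done
    return $bad
}

# securelevel_ok LEVEL: a raised securelevel (>= 1) is what the mail relies on
# to keep the mount table and the boot media from being changed at runtime.
securelevel_ok() {
    [ "$1" -ge 1 ]
}

# Run against the constructed listing. On a live FreeBSD host the equivalent is:
#   mount -p | audit_mounts; securelevel_ok "$(sysctl -n kern.securelevel)"
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts || echo "audit: mounts need attention"
```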