Date: Sun, 14 Jun 1998 22:45:17 +0100
From: njs3@doc.ic.ac.uk (Niall Smart)
To: Eivind Eklund <eivind@yes.no>, Niall Smart <njs3@doc.ic.ac.uk>, dima@best.net, Darren Reed <avalon@coombs.anu.edu.au>
Cc: jayrich@room101.sysc.com, security@FreeBSD.ORG
Subject: Re: bsd securelevel patch question
Message-ID: <E0ylKaT-0001Nb-00@oak71.doc.ic.ac.uk>
In-Reply-To: Eivind Eklund <eivind@yes.no> "Re: bsd securelevel patch question" (Jun 14, 11:21pm)

On Jun 14, 11:21pm, Eivind Eklund wrote:
} Subject: Re: bsd securelevel patch question
> On Sun, Jun 14, 1998 at 11:23:53AM +0100, Niall Smart wrote:
> >
> > What use are securelevels without propagating the immutable flag?
>
> They can assure that a correct system comes up again after a boot,
> with logs of at least the point of attack.  This can be a dramatic
> improvement.

Yes, that is an improvement, but not much of one if no logs of the
attack were generated (which is a very likely scenario; I have never
seen logs of an attack, only attempted attacks), or if the attacker
controls the program you are using to view the logs, or if the attacker
controls the syslogd, ensuring no suspicious log entries subsequent to
the intrusion ever reach the log files.

Propagating the immutable flag leads to a dramatic improvement; not
propagating it leads to a meagre improvement. In fact, it could be
construed as taking a step backwards due to overconfidence in the
security of the system just because the secure levels wand has been
waved.

I still haven't heard one convincing argument for not propagating the
immutable flag, and have given plenty for.

Niall