Date: Thu, 31 May 2001 08:30:09 -0400
From: Dan Pelleg <dpelleg+bsd@REMOVEcs.cmu.edu>
To: freebsd-security@freebsd.org
Cc: freebsd-stable@freebsd.org
Subject: remounts (was: Re: adding "noschg" to ssh and friends)
Message-ID: <20010531123020.6044537B422@hub.freebsd.org>

"Karsten W. Rohrbach" <karsten@rohrbach.de> wrote:

> there are some real high-impact tweaks to be a little bit safer from
> rootkits. one of them is mounting /tmp noexec. drawback: you got to
> remount it exec for make installworld.

I always wondered... Why are remounts permitted in all securelevels? I mean, in a locked-down system where it's acceptable to force a reboot in order to upgrade (or run a rootkit), I should be able to enforce read-only mounts. Currently anyone (well, root) can just mount -u -w them.

Is this an implementation problem in mount(2)? (I haven't looked at the code). Or is this going to break things for people (amd? in high securelevels?). What am I missing?