Date: Tue, 19 Dec 2000 11:49:36 -0800
From: "Crist J. Clark"
To: freebsd-security@freebsd.org
Subject: Read-Only Filesystems
Reply-To: cjclark@alum.mit.edu

I was recently playing around with the idea of having a read-only root filesystem. However, it has become clear that there is no way to prevent root from changing the mount properties on any filesystem, including the root filesystem, provided there is no hardware-level block on writing and there is someplace (anyplace) where root can write. Is that accurate?

I guess one must go to a "trusted OS" to get that type of functionality?

--
Crist J. Clark
cjclark@alum.mit.edu