From: Warner Losh
To: cjclark@alum.mit.edu
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Read-Only Filesystems
Date: Tue, 19 Dec 2000 15:10:34 -0700
Message-Id: <200012192210.PAA03943@harmony.village.org>
In-reply-to: Your message of "Tue, 19 Dec 2000 11:49:36 PST." <20001219114936.A23819@rfx-64-6-211-149.users.reflexco>
References: <20001219114936.A23819@rfx-64-6-211-149.users.reflexco>

In message <20001219114936.A23819@rfx-64-6-211-149.users.reflexco> "Crist J. Clark" writes:
: I was recently playing around with the idea of having a read-only root
: filesystem. However, it has become clear that there is no way to
: prevent root from changing the mount properties on any filesystem,
: including the root filesystem, provided there is no hardware-level
: block on writing and there is someplace (anyplace) where root can
: write.

That is correct. mount -uw / works, even at high security levels.

Warner