Date: Tue, 19 Dec 2000 14:28:55 -0800 From: "Crist J. Clark" <cjclark@reflexnet.net> To: Warner Losh <imp@village.org> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Read-Only Filesystems Message-ID: <20001219142855.E23819@rfx-64-6-211-149.users.reflexco> In-Reply-To: <200012192210.PAA03943@harmony.village.org>; from imp@village.org on Tue, Dec 19, 2000 at 03:10:34PM -0700 References: <20001219114936.A23819@rfx-64-6-211-149.users.reflexco> <200012192210.PAA03943@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Dec 19, 2000 at 03:10:34PM -0700, Warner Losh wrote: > In message <20001219114936.A23819@rfx-64-6-211-149.users.reflexco> "Crist J. Clark" writes: > : I was recently playing around with the idea of having a read-only root > : filesystem. However, it has become clear that there is no way to > : prevent root from changing the mount properties on any filesystem, > : including the root filesystem, provided there is no hardware-level > : block on writing and there is someplace (anyplace) where root can > : write. > > That is correct. mount -uw / works, even at high security levels. You can actually break that (in a dangerous way), but provided there is any other filesystem not blocked by a hardware-level, read-only block, you can then work around it. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001219142855.E23819>