Date: 18 Oct 1999 09:55:32 +0200 From: Dag-Erling Smorgrav <des@flood.ping.uio.no> To: Justin Wells <jread@semiotek.com> Cc: Doug <Doug@gorean.org>, Antoine Beaupre <beaupran@IRO.UMontreal.CA>, Mike Nowlin <mike@argos.org>, "Rashid N. Achilov" <shelton@sentry.granch.ru>, freebsd-security@FreeBSD.ORG Subject: Re: kern.securelevel and X Message-ID: <xzpyad12jd7.fsf@flood.ping.uio.no> In-Reply-To: Justin Wells's message of "Mon, 18 Oct 1999 02:47:05 -0400" References: <XFMail.991015111802.shelton@sentry.granch.ru> <Pine.LNX.4.05.9910150036170.5339-100000@jason.argos.org> <14343.23571.679909.243732@blm30.IRO.UMontreal.CA> <19991017012750.A812@fever.semiotek.com> <380A1E2C.CCA326F5@gorean.org> <19991018024704.A512@semiotek.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Justin Wells <jread@semiotek.com> writes: > 1) securelevel does not stop root from remounting / read-write, > since mount is specifically excepted (I tried it too, I was > able to do a "mount -u -o rw /" at securelevel 3 as root) Well, then, fix mount(8) so it won't run at high securelevels. You know where to find the source code. > 2) mounting / read only is nasty anyway, since you lose the > ability to chown /dev/tty* which makes some things act > very weird (many programs expect you will own your tty > or else they get angry) Use DEVFS, or union-mount an MFS on top of /dev. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpyad12jd7.fsf>