From: Lowell Gilbert
To: freebsd-questions@freebsd.org, suedes098@yahoo.com
Date: 19 Apr 2003 12:27:10 -0400
Subject: Re: running freebsd in read only mode
Message-ID: <44y926fo69.fsf@be-well.ilk.org>
In-Reply-To: <20030420105711.5b213c20.kitsune@gmx.co.uk>

kitsune writes:

> On Sat, 19 Apr 2003 07:20:19 -0700 (PDT)
> Dan wrote:
>
> > Hello,
> >
> > I'm looking into how I can run FreeBSD in read-only
> > mode. I looked around for info on this, but was
> > unsuccessful at finding anything that helped me in my
> > particular situation. I'm involved in a security
> > contest kind of like defcon at my college. Of course I
> > picked FreeBSD as my O.S. to secure. I am on the
> > defensive side of the game, and get points for the
> > more access and services I allow to the attackers. So
> > here is the situation. What I would like to be able to
> > do is boot into FreeBSD and have it be completely
> > read-only. For example, if I give a user shell access
> > they can't change anything, they can use the programs,
> > but not create or delete any files whatsoever. I want
> > to be able to run a lot of services, and not allow
> > successful attacks to change anything on the computer
> > that way they can have telnet and all the weakest
> > protocols freely open, and even if they sniff my
> > administration password through a man in the middle
> > attacker or what not they can't change it or do
> > anything to affect the comp.
> > Any suggestions, or help would be greatly
> > appreciated.
> >
> > Dan
>
> It is possible of mounting everything that is needed as read
> only. But that won't make a dif if ye are running services that are not
> secure since they will continue to present a threat. If they can get
> the root password it does not make a dif since then they can just
> easily be remounted so it is writable.

This is ignoring securelevels (which can keep mounts from occurring or
changing), file change flags, and the possibility of using media that
really are read-only (like CD-ROMs). It's still theoretically
possible to get around these, but without access to the physical
console, it probably requires directly modifying tables in a running
kernel. Distinctly tricky.

> Like in other OSes, it is best not to take stupid risks with
> dangerous services and make sure all the file permissions are good.

No question. In the kind of contest in question, though, the
definition of "stupid" risks is a bit different from our everyday
usage.
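
The point made in the thread, that read-only mounts only hold if root cannot simply undo them, can be checked mechanically. The following audit script is an added example, not part of the original messages; the function names, the `MIN_LEVEL` threshold and the sample fstab are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. On a real host, feed it live data:
#   audit "$(sysctl -n kern.securelevel)" < /etc/fstab

# Minimum securelevel treated as "locked". At 1 or higher the schg flag cannot
# be cleared, even by root; the right threshold for mount changes is an
# assumption to confirm against init(8) for the release in use.
MIN_LEVEL=${MIN_LEVEL:-1}

sample_fstab() {   # constructed sample, not taken from the thread
    cat <<'EOF'
# Device        Mountpoint  FStype  Options    Dump  Pass#
/dev/ad0s1b     none        swap    sw         0     0
/dev/ad0s1a     /           ufs     ro         1     1
/dev/ad0s1e     /usr        ufs     ro,nosuid  2     2
/dev/ad0s1f     /var        ufs     rw         2     2
/dev/acd0       /cdrom      cd9660  ro,noauto  0     0
EOF
}

# Read fstab-format text on stdin; print mount points lacking the "ro" option.
writable_mounts() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }   # comments and malformed lines
        $3 == "swap" { next }           # swap is not a file system
        {
            ro = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
            if (!ro) print $2
        }'
}

# audit LEVEL < fstab-text: prints one finding per line, returns 1 if any.
audit() {
    level=$1
    findings=$(writable_mounts | sed 's/^/writable mount: /')
    case $level in
        ''|*[!0-9-]*) findings="$findings
securelevel unreadable: $level" ;;
        *) [ "$level" -ge "$MIN_LEVEL" ] || findings="$findings
securelevel $level below $MIN_LEVEL: root can undo ro mounts and flags" ;;
    esac
    findings=$(printf '%s\n' "$findings" | sed '/^$/d')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```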