From owner-freebsd-security Tue Dec 19 21:51: 2 2000 From owner-freebsd-security@FreeBSD.ORG Tue Dec 19 21:50:59 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id DBB1E37B404; Tue, 19 Dec 2000 21:50:58 -0800 (PST) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id eBK5ow507515; Tue, 19 Dec 2000 21:50:58 -0800 (PST) Date: Tue, 19 Dec 2000 21:50:58 -0800 From: Alfred Perlstein To: Kris Kennaway Cc: cjclark@alum.mit.edu, freebsd-security@FreeBSD.ORG Subject: Re: Read-Only Filesystems Message-ID: <20001219215057.F19572@fw.wintelcom.net> References: <20001219114936.A23819@rfx-64-6-211-149.users.reflexco> <20001219120953.S19572@fw.wintelcom.net> <20001219211642.D13474@citusc.usc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001219211642.D13474@citusc.usc.edu>; from kris@FreeBSD.ORG on Tue, Dec 19, 2000 at 09:16:42PM -0800 Sender: bright@fw.wintelcom.net Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Kris Kennaway [001219 21:15] wrote: > On Tue, Dec 19, 2000 at 12:09:53PM -0800, Alfred Perlstein wrote: > > * Crist J. Clark [001219 11:50] wrote: > > > I was recently playing around with the idea of having a read-only root > > > filesystem. However, it has become clear that there is no way to > > > prevent root from changing the mount properties on any filesystem, > > > including the root filesystem, provided there is no hardware-level > > > block on writing and there is someplace (anyplace) where root can > > > write. > > > > > > Is that accurate? I guess one must go to a "trusted OS" to get that > > > type of functionality? > > > > You can trust freebsd. :) > > > > do some research on "securelevel" > > I don't believe mounting or remounting is denied by any securelevel..I > raised this a few months ago but the consensus seemed to be that > securelevel was too broken by design and the real fix was MAC, which > is coming with TrustedBSD. I don't see the problem with fixing securelevel in that aspect since the securelevel is raised late in the boot process, after the fs's are mounted. no? -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message