Date: Sat, 3 Nov 2012 08:01:08 -0700
From: Mehmet Erol Sanliturk <m.e.sanliturk@gmail.com>
To: Alexander Yerenkow <yerenkow@gmail.com>
Cc: lev@freebsd.org, freebsd-current <freebsd-current@freebsd.org>
Subject: Re: FreeBSD as read-only firmware
Message-ID: <CAOgwaMtnqCvA3_zyd1fqmEFyrTD4hZHoE5QZC0akmK0DTm8=yw@mail.gmail.com>
In-Reply-To: <CAPJF9wmVPxMDBqyy=Dqdnb+Z33f_wLDx9CFbk_oSEx4inboK6A@mail.gmail.com>
References: <CAPJF9wmO-oO7cy4XUwnTMb5cpD14TaK430rWW2nqodBFWw54DQ@mail.gmail.com> <1167404891.20121103170049@serebryakov.spb.ru> <CAPJF9wmVPxMDBqyy=Dqdnb+Z33f_wLDx9CFbk_oSEx4inboK6A@mail.gmail.com>
On Sat, Nov 3, 2012 at 6:34 AM, Alexander Yerenkow <yerenkow@gmail.com> wrote:

> 2012/11/3 Lev Serebryakov <lev@freebsd.org>
>
> > Hello, Alexander.
> > You wrote on 3 November 2012, 16:14:21:
> >
> > AY> Hello all!
> > AY> Some time ago I got somewhere the idea that the base OS should be RO -
> > read-only.
> > AY> And should be updated easily (ACID) and with the possibility of fast
> > rollback.
> > Why is it better than nanobsd?
>
> Of course, that's all IMHO and fits my usage:
> 1) Same FreeBSD as on laptop/desktop (e.g. really the same - the GENERIC kernel
> is used, without dropping kerberos or anything else), and yes, I know that
> nanobsd can do that;
> 2) .vmdk simply deployed into ESXi/VirtualBox (not sure nanobsd can produce
> that)
> 3) Transparent /etc/ modification vs. the nanobsd approach (edit, don't forget to
> mount /cfg, copy there ;)
> 4) Only the OS, no packages included - e.g. I can upgrade/downgrade packages
> without touching any byte of the OS. Except for symlinks :) nanobsd specifies
> that if you want packages, you need to build them in.
>
> Of course the differences are not so big, and I'm not saying that my way is
> better.
> It just raised a question deep in me - why is the OS still not modularized, and
> most of it not RO (while it should be)?
>
> Something like this
>
> > --
> > // Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>
>
> --
> Regards,
> Alexander Yerenkow

One of my goals for FreeBSD usage is as follows:

Search all of the FreeBSD sources for the file opens and write statements. Divert all of the file opens and write statements outside of the FreeBSD base directories, for example into /var. Modify the base to prohibit any loading of executables from /var, /tmp, and other directories which are not included in the "base" part.

Select a primary collection of packages. Divert all of their file opens and writes to /var.

Make /home a separate partition, not included in /usr. For any user, if it is selected, allow his/her home unit definition on a removable drive.

Prepare a list of programs which can only be executed by root, move them to a root-allocated directory, and make this list a reserved names list. Do not allow any user to execute these programs, even when they are supplied by the users themselves. In a similar way, make a list of the executable programs for the "base" system and the "packages" in the "base" part, make them "reserved" names, and do not allow any other program with the same name.

Delete the "PATH" concept from the base system, and require that all executable names be supplied with a complete path.

If the access privileges of a directory are not **x|**x|**x, do not allow any program to be executed from such a directory (recursively, including its sub-directories).

At present, file access privileges should be ***|***|**x for searching directories. This definition is causing security vulnerabilities for directories because it exposes them to "OTHERS". Convert all of the parts requiring ***|***|**x to r**|r**|--- for directory searches. In that way, if the user is defined in that way, prevent others from accessing a directory, and make this the default.

Record the "base" part onto an SDHC card and make it "write protected". Prepare the "base" SDHC card on a computer that is NOT connected to a network and is physically protected from intrusion. When a change is required, prepare a new SDHC card on the clean computer and use the new SDHC card. Replicate SDHC cards as many times as required for different computers. In that way, there will be an impenetrable system which, on boot, we will know is clean.

There are some live CD/DVD compilations, but they are not usable for everyday requirements because they are not designed in that way. For such work, the best one, in my opinion, is http://puppylinux.org/main/Overview%20and%20Getting%20Started.htm among other live CD/DVD compilations.

I did not try that one on an SDHC card. I do not know the exact data transmission rate of SDHC cards, but I think it is faster than CD or DVD. For CD and DVD, at present there are NO read-only CD or DVD devices. They have disappeared from the market. For writable CD or DVD, it may be possible to append some files at the end of the recorded area, and the media may be corrupted by re-recording (I think).

Thank you very much.

Mehmet Erol Sanliturk
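An added example, not code from anyone in the thread: a POSIX sh audit of the layout Mehmet describes above, checking that the base filesystems ("/" and "/usr") are mounted read-only, that the writable areas (/var, /tmp, /home) each sit on their own filesystem with noexec, and listing any directory under a given root that is still searchable by "others" (the ***|***|**x case he wants converted to r**|r**|---). The fstab text, the device names, and the decision to treat /home as "outside base" and therefore noexec are constructed assumptions for illustration, not settings from any real system.

```shell
#!/bin/sh
# Added example: audit an fstab and a directory tree against the
# read-only-base layout proposed in the message above.

# Constructed sample fstab (assumed layout; device names are made up).
SAMPLE_FSTAB='
# Device      Mountpoint  FStype  Options            Dump  Pass
/dev/ada0p2   /           ufs     ro                 1     1
/dev/ada0p3   /usr        ufs     ro                 2     2
/dev/ada0p4   /var        ufs     rw,noexec,nosuid   2     2
/dev/ada0p5   /tmp        ufs     rw,noexec,nosuid   2     2
/dev/ada0p6   /home       ufs     rw,noexec,nosuid   2     2
'

# mount_opts FSTAB MOUNTPOINT: print the option field of the first
# non-comment entry for MOUNTPOINT (nothing if it has no entry).
mount_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" \
        '$1 !~ /^#/ && NF >= 4 && $2 == mp { print $4; exit }'
}

# has_opt FSTAB MOUNTPOINT OPTION: succeed if OPTION is in that entry's
# comma-separated option list.
has_opt() {
    case ",$(mount_opts "$1" "$2")," in
        *",$3,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_fstab FSTAB: print one FAIL line per violated rule, exit 1 if any.
# Rules (interpreting the post): base is read-only; every writable area
# is a separate filesystem and may not load executables.
audit_fstab() {
    rc=0
    for mp in / /usr; do
        has_opt "$1" "$mp" ro ||
            { echo "FAIL: $mp must be mounted read-only (base)"; rc=1; }
    done
    for mp in /var /tmp /home; do
        if [ -z "$(mount_opts "$1" "$mp")" ]; then
            echo "FAIL: $mp must be a separate filesystem"; rc=1; continue
        fi
        has_opt "$1" "$mp" noexec ||
            { echo "FAIL: $mp must be mounted noexec (outside base)"; rc=1; }
    done
    return $rc
}

# world_searchable_dirs ROOT: list directories under ROOT whose "others"
# bits are not ---, i.e. the ones the post wants changed to r**|r**|---.
# -perm -NNN (octal) is the POSIX form and works on both FreeBSD and GNU find.
world_searchable_dirs() {
    find "$1" -type d \( -perm -001 -o -perm -002 -o -perm -004 \)
}

# Demo run against the constructed data.
if audit_fstab "$SAMPLE_FSTAB"; then
    echo "fstab: OK"
fi

demo=$(mktemp -d) || exit 1            # mktemp -d creates the root as 0700
mkdir -p "$demo/open" "$demo/closed"
chmod 755 "$demo/open"; chmod 750 "$demo/closed"
world_searchable_dirs "$demo"          # lists only .../open
rm -rf "$demo"
```

Run it as a normal user; the directory scan only reads metadata, so no privileges are needed. To audit a live system instead of the constructed text, pass `"$(cat /etc/fstab)"` to `audit_fstab` and a real path such as `/usr` to `world_searchable_dirs`; expect the latter to be noisy on a stock install, which is exactly the point the message makes.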
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOgwaMtnqCvA3_zyd1fqmEFyrTD4hZHoE5QZC0akmK0DTm8=yw>