From owner-freebsd-current@FreeBSD.ORG Sat Nov 3 15:01:10 2012
Date: Sat, 3 Nov 2012 08:01:08 -0700
Subject: Re: FreeBSD as read-only firmware
From: Mehmet Erol Sanliturk
To: Alexander Yerenkow
Cc: lev@freebsd.org, freebsd-current
References: <1167404891.20121103170049@serebryakov.spb.ru>
List-Id: Discussions about the use of FreeBSD-current

On Sat, Nov 3, 2012 at 6:34 AM, Alexander Yerenkow wrote:
> 2012/11/3 Lev Serebryakov
>
> > Hello, Alexander.
> > You wrote on 3 November 2012, 16:14:21:
> >
> > AY> Hello all!
> > AY> Some time ago I got the idea from somewhere that the base OS should be RO -
> > readonly.
> > AY> And should be updated easily (ACID) and with the possibility of fast
> > rollback.
> > Why is it better than nanobsd?
> >
>
> Of course, that's all IMHO and fit for my usage:
> 1) Same FreeBSD as in laptop/desktop (e.g. really the same - GENERIC kernel
> is used, without dropping kerberos or anything else), and yes, I know that
> nanobsd can do that;
> 2) .vmdk simply deployed into ESXi/VirtualBox (not sure nanobsd can produce
> that)
> 3) Transparent /etc/ modifying vs. the nanobsd approach (edit, don't forget
> to mount /cfg, copy there;)
> 4) Only OS, no packages included - e.g. I can upgrade/downgrade packages
> without touching any byte of the OS. Except for symlinks :) nanobsd specifies
> that if you want packages you need to build them in.
>
> Of course the differences are not so big, and I'm not saying that my way is
> better.
> It just raised a question deep in me - why is the OS still not modularized, and
> most of it not RO (while it should be)?
>
> Something like this
>
> > --
> > // Black Lion AKA Lev Serebryakov
>
> --
> Regards,
> Alexander Yerenkow

One of my goals for FreeBSD usage is as follows:

Search all of the FreeBSD sources for the file opens and write statements. Divert all of the file opens and write statements outside of the FreeBSD base directories, for example into /var.

Modify base to prohibit any loading of executables from /var, /tmp, and other directories which are not included in the "base" part.

Select a primary collection of packages. Divert all of their file opens and writes to /var.

Make /home a separate partition, not included in /usr.
For any user, if it is selected, allow his/her home unit definition on a removable drive.

Prepare a list of programs which can only be executed by root, move them to a root-allocated directory, and make this list a reserved-names list. Do not allow any user to execute these programs, even if they are supplied by the users themselves. In a similar way, make a list of the executable programs of the "base" system and of the "packages" in the "base" part, make them "reserved" names, and do not allow any other program with the same name.

Delete the "PATH" concept from the base system, and require that all executable names are supplied by complete path. If the access privileges of a directory are not **x|**x|**x, do not allow any program to be executed from such a directory (recursively from its sub-directories).

At present, file access privileges should be ***|***|**x for searching directories. This definition is causing security vulnerabilities for directories because it exposes them to "OTHERS". Convert all of the parts requiring ***|***|**x to r**|r**|--- for directory searches. In that way, if the user is defined in that way, prevent others from accessing a directory, and make this the default.

Record the "base" part onto an SDHC card and make it "write protected". Prepare the "base" SDHC card on a computer that is NOT connected to a network and is physically protected from intrusion. When a change is required, prepare a new SDHC card on the clean computer and use the new SDHC card. Replicate SDHC cards as many times as required for the different computers. In that way, there will be an impenetrable system which, on boot, we will know is clean.

There are some live CD/DVD compilations, but they are not usable for everyday requirements because they are not designed in that way. For such work, the best one in my opinion is http://puppylinux.org/main/Overview%20and%20Getting%20Started.htm among the other live CD/DVD compilations.
I did not try that one on an SDHC card. I do not know the exact data transmission rate of SDHC cards, but I think it is faster than CD or DVD. For CD and DVD, at present there are NO read-only CD or DVD devices; they have disappeared from the market. For writable CD or DVD, it may be possible to append some files at the end of the recorded area, and the media may be corrupted by re-recording (I think).

Thank you very much.

Mehmet Erol Sanliturk
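An added example, not part of the original message or of FreeBSD, that audits the directory-permission rule proposed above (no search or write bit for "others", i.e. the r**|r**|--- shape instead of ***|***|**x) over a colon-separated list of directories. The function names mode_of, dir_policy_ok, audit_dirs and make_samples are assumptions, the sample directories are constructed in a temporary location, and only ls(1) is used so the script behaves the same on FreeBSD and Linux.

```shell
#!/bin/sh
# Added audit helper (not from the original message) for the directory policy
# proposed above: "others" should get neither search (x) nor write (w) on a
# directory. Uses ls(1) rather than stat(1), whose flags differ between BSD and GNU.

# mode_of DIR -> prints the 10-character mode string, e.g. "drwxr-x---".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# dir_policy_ok DIR -> prints a verdict; returns 0 if DIR conforms, 1 if it
# violates the policy, 2 if DIR cannot be inspected.
dir_policy_ok() {
    dir=$1
    mode=$(mode_of "$dir" 2>/dev/null)
    [ -n "$mode" ] || return 2
    others=$(printf '%s' "$mode" | cut -c8-10)   # rwx triplet for "others"
    case "$others" in
        *[xt]*) printf '%s %s: others can search (x)\n' "$mode" "$dir"; return 1 ;;
        *w*)    printf '%s %s: others can write (w)\n' "$mode" "$dir"; return 1 ;;
        *)      printf '%s %s: ok\n' "$mode" "$dir"; return 0 ;;
    esac
}

# audit_dirs LIST -> checks each directory in a colon-separated, PATH-like list
# (the message wants execution limited to directories of the approved shape);
# returns the number of violations.
audit_dirs() {
    old_ifs=$IFS; IFS=:
    set -- $1
    IFS=$old_ifs
    bad=0
    for d in "$@"; do
        dir_policy_ok "$d" || bad=$((bad + 1))
    done
    return $bad
}

# make_samples -> constructed sample directories (not real system paths) with
# the three modes discussed in the message; prints the temporary base directory.
make_samples() {
    base=$(mktemp -d) || return 1
    mkdir "$base/open" "$base/shared" "$base/locked"
    chmod 755 "$base/open"     # rwx|r-x|r-x : others may search, violates policy
    chmod 770 "$base/shared"   # rwx|rwx|--- : others excluded
    chmod 750 "$base/locked"   # rwx|r-x|--- : the r**|r**|--- shape requested
    printf '%s\n' "$base"
}
```

The companion control for the "no executables from /var and /tmp" point is the noexec mount option in /etc/fstab, which this script does not exercise.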