Date: Fri, 18 Jun 1999 00:10:12 -0600 From: Warner Losh <imp@harmony.village.org> To: Adrian Steinmann <ast@marabu.ch> Cc: security@FreeBSD.ORG Subject: Re: some nice advice.... Message-ID: <199906180610.AAA73351@harmony.village.org> In-Reply-To: Your message of "Fri, 18 Jun 1999 07:36:11 %2B0200." <199906180536.HAA23430@marabu.marabu.ch> References: <199906180536.HAA23430@marabu.marabu.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199906180536.HAA23430@marabu.marabu.ch> Adrian Steinmann writes: : Make sure /boot.config is schg as well, otherwise : echo "wd(0,a)/evil_kernel" > /boot.config && reboot : can circumvent your measures [you could also make / schg, I guess]. Yes. You also need to make sure all scripts, executables and shared images that are touched or potentially touched before the secure level is increased, as well as all programs that run as root or could be run by root. Also, any programs that are run by any users on your system. Gotta love that transitive property of security. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906180610.AAA73351>