Date:      Wed, 20 Dec 2000 14:14:43 +0000
From:      Mark Zielinski <markz@2cactus.com>
To:        Kris Kennaway <kris@FreeBSD.ORG>
Cc:        Alfred Perlstein <bright@wintelcom.net>, cjclark@alum.mit.edu, freebsd-security@FreeBSD.ORG
Subject:   Re: Read-Only Filesystems
Message-ID:  <3A40BED3.1070909@2cactus.com>
References:  <20001219114936.A23819@rfx-64-6-211-149.users.reflexco> <20001219120953.S19572@fw.wintelcom.net> <20001219211642.D13474@citusc.usc.edu>

This is an attack that we fixed in SecureBSD by not allowing
filesystems to be un-mounted and re-mounted back in May of 1999.
We added security checks to the mount() and unmount() system calls
based upon a MIB called securebsd.options.mount which could be
turned on or off depending upon your securelevel setting.

Around the time that we wrote this feature, if your securelevel
was not set to two or higher, root users could un-mount a filesystem
and directly write to the file system's raw device in order to remove
file flags on files.  This option prevented this attack, even when
your securelevel was only set at a level of one.

Kris Kennaway wrote:

> On Tue, Dec 19, 2000 at 12:09:53PM -0800, Alfred Perlstein wrote:
> 
>> * Crist J. Clark <cjclark@reflexnet.net> [001219 11:50] wrote:
>> 
>>> I was recently playing around with the idea of having a read-only root
>>> filesystem. However, it has become clear that there is no way to
>>> prevent root from changing the mount properties on any filesystem,
>>> including the root filesystem, provided there is no hardware-level
>>> block on writing and there is someplace (anyplace) where root can
>>> write.
>>> 
>>> Is that accurate? I guess one must go to a "trusted OS" to get that
>>> type of functionality?
>> 
>> You can trust freebsd. :)
>> 
>> do some research on "securelevel"
> 
> 
> I don't believe mounting or remounting is denied by any securelevel. I
> raised this a few months ago but the consensus seemed to be that
> securelevel was too broken by design and the real fix was MAC, which
> is coming with TrustedBSD.
> 
> Kris

-- 

Mark Zielinski
2 Cactus Development
Senior Software Engineer
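The gap the message describes (a mounted disk's raw device is protected at securelevel 1, but an unmounted one is not, so unmount followed by a raw write sidesteps the file-flag protection) and the fix (refuse mount/unmount once a knob is set and securelevel is at least 1) can be modelled as a small policy table. The following C is an added illustration written for this archive page, not SecureBSD or FreeBSD kernel code; the securelevel semantics it encodes (raw write to a mounted disk denied at level 1, to any disk at level 2) and the name opt_mount_locked standing in for securebsd.options.mount are assumptions, and the device table is constructed. Nothing is written to any device; the functions only return the errno the policy would produce.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Toy model of the mail's policy: a securelevel, a knob standing in for
 * securebsd.options.mount, and a few disk devices that are mounted or not.
 * Constructed for illustration only; not SecureBSD or FreeBSD code. */
#define MAX_DEVS 4

struct sys {
    int  securelevel;         /* models kern.securelevel */
    bool opt_mount_locked;    /* models securebsd.options.mount (assumed name) */
    bool mounted[MAX_DEVS];   /* is device i currently mounted? */
};

/* Assumed securelevel semantics for raw disk writes:
 *   level >= 1: the raw device of a *mounted* filesystem may not be opened
 *               for writing (an unmounted disk is not covered);
 *   level >= 2: no disk may be opened for writing, mounted or not. */
int raw_open_for_write(const struct sys *s, int dev)
{
    if (dev < 0 || dev >= MAX_DEVS) return ENODEV;
    if (s->securelevel >= 2) return EPERM;
    if (s->securelevel >= 1 && s->mounted[dev]) return EPERM;
    return 0;
}

/* The SecureBSD-style check: when the knob is on and securelevel is at
 * least 1, both unmount() and mount() are refused, so the filesystem can
 * never leave the "mounted" state in which its raw device is protected. */
int do_unmount(struct sys *s, int dev)
{
    if (dev < 0 || dev >= MAX_DEVS) return ENODEV;
    if (!s->mounted[dev]) return EINVAL;
    if (s->opt_mount_locked && s->securelevel >= 1) return EPERM;
    s->mounted[dev] = false;
    return 0;
}

int do_mount(struct sys *s, int dev)
{
    if (dev < 0 || dev >= MAX_DEVS) return ENODEV;
    if (s->mounted[dev]) return EBUSY;
    if (s->opt_mount_locked && s->securelevel >= 1) return EPERM;
    s->mounted[dev] = true;
    return 0;
}

/* Evaluate the sequence the mail warns about (unmount, then open the raw
 * device for writing). Returns 0 if the policy would let the whole
 * sequence through, otherwise the errno of the step that refused it. */
int unmount_then_raw_write(struct sys *s, int dev)
{
    int err = do_unmount(s, dev);
    if (err) return err;
    return raw_open_for_write(s, dev);
}

/* Run the sequence against device 0 (constructed as mounted) under a given
 * securelevel and knob setting, so outcomes can be checked by name. */
int scenario(int securelevel, bool locked)
{
    struct sys s = { .securelevel = securelevel, .opt_mount_locked = locked };
    s.mounted[0] = true;
    return unmount_then_raw_write(&s, 0);
}

int main(void)
{
    const int levels[] = { 0, 1, 2 };
    for (int i = 0; i < 3; i++) {
        for (int locked = 0; locked <= 1; locked++) {
            int err = scenario(levels[i], locked);
            printf("securelevel=%d mount-lock=%s : %s\n", levels[i],
                   locked ? "on " : "off",
                   err == 0 ? "sequence permitted" : "refused (EPERM)");
        }
    }
    return 0;
}
```

The table the program prints is the point of the mail in miniature: at securelevel 1 with the knob off the unmount succeeds and the now-unmounted disk is writable, at securelevel 1 with the knob on the unmount itself is refused, and only at securelevel 2 does the raw-device rule alone close the path.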
