From owner-freebsd-security  Wed Dec 20 17:39:41 2000
From owner-freebsd-security@FreeBSD.ORG  Wed Dec 20 17:39:39 2000
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from citusc.usc.edu (citusc.usc.edu [128.125.38.123])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9179137B400; Wed, 20 Dec 2000 17:39:39 -0800 (PST)
Received: (from kris@localhost)
	by citusc.usc.edu (8.9.3/8.9.3) id RAA22503;
	Wed, 20 Dec 2000 17:40:56 -0800
Date: Wed, 20 Dec 2000 17:40:56 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: Mark Zielinski <markz@2cactus.com>
Cc: Kris Kennaway <kris@FreeBSD.ORG>,
	Alfred Perlstein <bright@wintelcom.net>, cjclark@alum.mit.edu,
	freebsd-security@FreeBSD.ORG
Subject: Re: Read-Only Filesystems
Message-ID: <20001220174056.C22288@citusc.usc.edu>
References: <20001219114936.A23819@rfx-64-6-211-149.users.reflexco> <20001219120953.S19572@fw.wintelcom.net> <20001219211642.D13474@citusc.usc.edu> <3A40BED3.1070909@2cactus.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="XMCwj5IQnwKtuyBG"
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <3A40BED3.1070909@2cactus.com>; from markz@2cactus.com on Wed, Dec 20, 2000 at 02:14:43PM +0000
Sender: kris@citusc.usc.edu
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--XMCwj5IQnwKtuyBG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Wed, Dec 20, 2000 at 02:14:43PM +0000, Mark Zielinski wrote:
> This is a attack that we fixed in SecureBSD by not allowing
> filesystems to be un-mounted and re-mounted back in May of 1999.
> We added security checks to the mount() and unmount() system calls
> based upon a MIB called securebsd.options.mount which could be
> turned on or off depending upon your securelevel setting.

The argument is that securelevel is fundamentally flawed and fairly
useless as a security feature, unless you treat every system reboot
(expected or not) as a potential compromise.

Kris

--XMCwj5IQnwKtuyBG
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6QV+nWry0BWjoQKURAguTAJ4nuC/3p4s5PlhPWdlpgVsRWWJZ0gCg7tH3
Ov/N9O5lNq+yNeE+Y8Isbag=
=sUiM
-----END PGP SIGNATURE-----

--XMCwj5IQnwKtuyBG--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message