Date: Wed, 20 Dec 2000 17:59:31 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: Alfred Perlstein <bright@wintelcom.net>
Cc: Kris Kennaway <kris@FreeBSD.ORG>, Mark Zielinski <markz@2cactus.com>, cjclark@alum.mit.edu, freebsd-security@FreeBSD.ORG
Subject: Re: Read-Only Filesystems
Message-ID: <20001220175931.E22288@citusc.usc.edu>
In-Reply-To: <20001220174129.F19572@fw.wintelcom.net>; from bright@wintelcom.net on Wed, Dec 20, 2000 at 05:41:29PM -0800
References: <20001219114936.A23819@rfx-64-6-211-149.users.reflexco> <20001219120953.S19572@fw.wintelcom.net> <20001219211642.D13474@citusc.usc.edu> <3A40BED3.1070909@2cactus.com> <20001220174056.C22288@citusc.usc.edu> <20001220174129.F19572@fw.wintelcom.net>
On Wed, Dec 20, 2000 at 05:41:29PM -0800, Alfred Perlstein wrote:
> * Kris Kennaway <kris@FreeBSD.ORG> [001220 17:39] wrote:
> > On Wed, Dec 20, 2000 at 02:14:43PM +0000, Mark Zielinski wrote:
> > > This is an attack that we fixed in SecureBSD by not allowing
> > > filesystems to be un-mounted and re-mounted back in May of 1999.
> > > We added security checks to the mount() and unmount() system calls
> > > based upon a MIB called securebsd.options.mount which could be
> > > turned on or off depending upon your securelevel setting.
> >
> > The argument is that securelevel is fundamentally flawed and fairly
> > useless as a security feature, unless you treat every system reboot
> > (expected or not) as a potential compromise.
>
> Actually, securelevel as an all-covering blanket would work better
> if people implemented fixes for it like a solution for the mount
> problem described here.

That still doesn't alter the fact that only a single reboot is needed to
undo the restrictions.

I can see both points of view: on the one hand we have a system which
stops some script kiddies, so we might as well extend the coverage a bit
and try and foil a few more. It also happens to be the best available
system right now. On the other hand, it's fundamentally incomplete and
easily worked around, so you can argue there's no point wasting effort in
polishing a turd.

> Securelevel is hard to implement, but hard to mess up unlike ACLs
> which are both hard to implement and hard to deploy.

Well, we're not talking about ACLs here. MAC is a different beast. I
don't know to what extent your criticism applies, though, not having
administered or configured such a system.
Kris
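As an added illustration of the trade-off argued in this message (not code from the thread, from SecureBSD, or from FreeBSD), the following Python audit parses `mount -p` style output, models a securelevel-gated mount/unmount knob of the kind Mark describes with assumed semantics, and reports which read-only expectations are enforced only by the running kernel and so hold only until the next reboot, which is the objection raised above. The sample mount lines, the `EXPECTED_READONLY` policy set, the operation names and the knob semantics are all constructed assumptions.

```python
"""Audit helper illustrating the securelevel / read-only filesystem trade-off.

Added example, not code from the FreeBSD thread or from SecureBSD. It
models the securelevel-gated mount()/unmount() check described in the
thread and reports what a single reboot undoes. The sample mount lines,
the policy table and the semantics of the mount knob are all assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the format printed by `mount -p` on FreeBSD:
# device mountpoint fstype options dump pass
SAMPLE_MOUNT_P = """\
/dev/ad0s1a / ufs rw 1 1
/dev/ad0s1e /usr ufs ro 2 2
/dev/ad0s1f /var ufs rw 2 2
/dev/ad0s1g /home ufs rw,nosuid,nodev 2 2
"""

# Constructed site policy: mount points the administrator expects read-only.
EXPECTED_READONLY = {"/", "/usr"}


@dataclass
class Mount:
    device: str
    mountpoint: str
    fstype: str
    options: List[str]


def parse_mount_p(text: str) -> List[Mount]:
    """Parse fstab-style `mount -p` output; blank or short lines are skipped."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mounts.append(Mount(fields[0], fields[1], fields[2], fields[3].split(",")))
    return mounts


def mount_call_allowed(securelevel: int, mount_knob: bool, op: str) -> bool:
    """Hypothetical gate on the mount/unmount system calls (assumed semantics).

    With the knob on and securelevel raised above 0, unmount and read-write
    remount are refused; other operations (e.g. a fresh read-only mount)
    are still permitted. Operation names are constructed for this model.
    """
    if securelevel <= 0 or not mount_knob:
        return True
    return op not in ("unmount", "remount_rw")


def audit(securelevel: int, mount_knob: bool, mount_text: str) -> Dict[str, List[str]]:
    """Report filesystems that policy expects read-only but are writable,
    what currently enforces the restriction, and where the gaps are."""
    findings: Dict[str, List[str]] = {"writable": [], "enforced_by": [], "gaps": []}
    for m in parse_mount_p(mount_text):
        if m.mountpoint in EXPECTED_READONLY and "ro" not in m.options:
            findings["writable"].append(m.mountpoint)
    if securelevel > 0 and mount_knob:
        findings["enforced_by"].append("kernel: securelevel %d refuses remount" % securelevel)
    else:
        findings["gaps"].append("mount/unmount unrestricted (securelevel %d, knob %s)"
                                % (securelevel, "on" if mount_knob else "off"))
    # The thread's point: securelevel is reset at boot and re-raised from
    # startup configuration. If the filesystem holding that configuration
    # is writable, the kernel-side restriction does not survive a reboot.
    if "/" in findings["writable"]:
        findings["gaps"].append("root filesystem writable: securelevel not durable across reboot")
    return findings


if __name__ == "__main__":
    for key, value in audit(2, True, SAMPLE_MOUNT_P).items():
        print(key, value)
```

Run against the constructed sample with securelevel 2 and the knob on, the audit reports the kernel as enforcing the restriction, yet still flags the writable root filesystem as a gap: the knob narrows what a running system permits, while the reboot objection concerns what happens before securelevel is raised again.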
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001220175931.E22288>