From: Jason DiCioccio
To: Kris Kennaway, Alfred Perlstein
Cc: Mark Zielinski, cjclark@alum.mit.edu, freebsd-security@FreeBSD.ORG
Subject: RE: Read-Only Filesystems
Date: Wed, 20 Dec 2000 18:05:58 -0800

The only way I could think of to do this securely in the current implementation is to chflags most of the etc dir (with the exception of files that do need to be changed, like passwd, master.passwd, aliases, etc.), mainly the rc files. But this makes administering remotely a pain in the ass. Of course, security in many cases comes with a hassle factor.
-JD-
-------
Jason DiCioccio
Evil Genius
Unix BOFH
mailto:jasond@epylon.com
415-593-2761 Direct & Fax
415-593-2900 Main
Epylon Corporation
645 Harrison Street, Suite 200
San Francisco, CA 94107
www.epylon.com
BSD is for people who love Unix - Linux is for people who hate Microsoft

-----Original Message-----
From: Kris Kennaway [mailto:kris@FreeBSD.ORG]
Sent: Wednesday, December 20, 2000 6:00 PM
To: Alfred Perlstein
Cc: Kris Kennaway; Mark Zielinski; cjclark@alum.mit.edu; freebsd-security@FreeBSD.ORG
Subject: Re: Read-Only Filesystems

On Wed, Dec 20, 2000 at 05:41:29PM -0800, Alfred Perlstein wrote:
> * Kris Kennaway [001220 17:39] wrote:
> > On Wed, Dec 20, 2000 at 02:14:43PM +0000, Mark Zielinski wrote:
> > > This is an attack that we fixed in SecureBSD by not allowing
> > > filesystems to be un-mounted and re-mounted back in May of
> > > 1999. We added security checks to the mount() and unmount()
> > > system calls based upon a MIB called securebsd.options.mount
> > > which could be turned on or off depending upon your securelevel
> > > setting.
> >
> > The argument is that securelevel is fundamentally flawed and
> > fairly useless as a security feature, unless you treat every
> > system reboot (expected or not) as a potential compromise.
>
> Actually, securelevel as an all-covering blanket would work better
> if people implemented fixes for it like a solution for the mount
> problem described here.

That still doesn't alter the fact that only a single reboot is needed to undo the restrictions.

I can see both points of view: on the one hand we have a system which stops some script kiddies, so we might as well extend the coverage a bit and try and foil a few more. It also happens to be the best available system right now. On the other hand, it's fundamentally incomplete and easily worked around, so you can argue there's no point wasting effort in polishing a turd.
> Securelevel is hard to implement, but hard to mess up unlike ACLs
> which are both hard to implement and hard to deploy.

Well, we're not talking about ACLs here. MAC is a different beast. I don't know to what extent your criticism applies, though, not having administered or configured such a system.

Kris