Date: Wed, 20 Dec 2000 23:05:48 -0800 From: "Crist J. Clark" <cjclark@reflexnet.net> To: Jason DiCioccio <Jason.DiCioccio@Epylon.com> Cc: "'Kris Kennaway'" <kris@FreeBSD.ORG>, Alfred Perlstein <bright@wintelcom.net>, Mark Zielinski <markz@2cactus.com>, cjclark@alum.mit.edu, freebsd-security@FreeBSD.ORG Subject: Re: Read-Only Filesystems Message-ID: <20001220230548.V96105@149.211.6.64.reflexcom.com> In-Reply-To: <657B20E93E93D4118F9700D0B73CE3EA024346@goofy.epylon.lan>; from Jason.DiCioccio@Epylon.com on Wed, Dec 20, 2000 at 06:05:58PM -0800 References: <657B20E93E93D4118F9700D0B73CE3EA024346@goofy.epylon.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 20, 2000 at 06:05:58PM -0800, Jason DiCioccio wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The only way I could think of to do his securely in the current > implementation is to chflags most of the etc dir (with the exception > of files that did need to be cahnged like passwd master.passwd > aliases, etc.).. mainly the rc files.. but this makes administering > remotely a pain in the ass.. Of course, security in many cases comes > with a hassle factor. Hmmm... I was thinking that this would not be possible, to schg files in /etc and still be able to use passwd(1), but provided that / is schg, I can't seem to figure out how to mess with files in /etc with schg. I was thinking I could fsdb(8) /etc, but I can't mess with a mounted FS?! That's no fun! I still think there is a way around this... Anyone know it? I'm tired of reading 'Operation not permitted' as I try this out. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001220230548.V96105>