From owner-freebsd-security Wed Dec 20 23:12:20 2000 From owner-freebsd-security@FreeBSD.ORG Wed Dec 20 23:12:18 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 9A0FD37B400; Wed, 20 Dec 2000 23:12:18 -0800 (PST) Received: from rfx-64-6-211-149.users.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Wed, 20 Dec 2000 23:10:39 -0800 Received: (from cjc@localhost) by rfx-64-6-211-149.users.reflexcom.com (8.11.0/8.11.0) id eBL7CAm88184; Wed, 20 Dec 2000 23:12:10 -0800 (PST) (envelope-from cjc) Date: Wed, 20 Dec 2000 23:12:05 -0800 From: "Crist J. Clark" To: Kris Kennaway Cc: Alfred Perlstein , Mark Zielinski , cjclark@alum.mit.edu, freebsd-security@FreeBSD.ORG Subject: Re: Read-Only Filesystems Message-ID: <20001220231205.W96105@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu References: <20001219114936.A23819@rfx-64-6-211-149.users.reflexco> <20001219120953.S19572@fw.wintelcom.net> <20001219211642.D13474@citusc.usc.edu> <3A40BED3.1070909@2cactus.com> <20001220174056.C22288@citusc.usc.edu> <20001220174129.F19572@fw.wintelcom.net> <20001220175931.E22288@citusc.usc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <20001220175931.E22288@citusc.usc.edu>; from kris@FreeBSD.ORG on Wed, Dec 20, 2000 at 05:59:31PM -0800 Sender: cjc@rfx-64-6-211-149.users.reflexcom.com Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Dec 20, 2000 at 05:59:31PM -0800, Kris Kennaway wrote: > On Wed, Dec 20, 2000 at 05:41:29PM -0800, Alfred Perlstein wrote: [snip] > > Actually, securelevel as a all-covering blanket would work better > > if people implemented fixes for it like a solution for the mount > > problem described here. > > That still doesn't alter the fact that only a single reboot is needed > to undo the restrictions. Could you elaborate on what scenario you are describing? Of course if the attacker has physical access, he is a reboot away from getting by securelevel. But is there a remote attack involving a reboot which negates securelevel besides the obvious case where the rc* files (and init, and kernel, and... ) are not sufficiently protected? -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message