Date: Thu, 21 Dec 2000 06:48:42 -0800 From: Kris Kennaway <kris@FreeBSD.ORG> To: "Michael A. Williams" <mike@netxsecure.net> Cc: security@FreeBSD.ORG, Kris Kennaway <kris@FreeBSD.ORG> Subject: Re: Read-Only Filesystems Message-ID: <20001221064842.B27118@citusc.usc.edu> In-Reply-To: <3A41BE58.76ECD6A9@netxsecure.net>; from mike@netxsecure.net on Thu, Dec 21, 2000 at 09:24:56PM %2B1300 References: <657B20E93E93D4118F9700D0B73CE3EA024346@goofy.epylon.lan> <20001220182936.H22288@citusc.usc.edu> <3A41BE58.76ECD6A9@netxsecure.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--7AUc2qLy4jB3hD7Z Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Dec 21, 2000 at 09:24:56PM +1300, Michael A. Williams wrote: > > > The only way I could think of to do his securely in the current > > > implementation is to chflags most of the etc dir (with the exception > > > of files that did need to be cahnged like passwd master.passwd > > > aliases, etc.).. mainly the rc files.. but this makes administering > > > remotely a pain in the ass.. Of course, security in many cases comes > > > with a hassle factor. > >=20 > > Don't forget chflags'ing every binary involved in the startup process, > > too. And all of your kernel modules. And the boot loader and its > > config files. And all of the appropriate directories. And /etc/fstab > > so null or union mounts can't be used to shadow a protected file...you > > get the picture :-) >=20 > Securelevel 2 should not allow loading of kernel modules. Correct, but if they're not noschg then you can trivially trojan a kernel module which you know is loaded at boot time. Or you can add yourself a new kernel module and load it by editing the boot loader config, or by editing one of the startup scripts, or by trojaning one of the binaries run during the system startup prior to raising of securelevel, etc etc. Then cause, or wait for a reboot. Kris --7AUc2qLy4jB3hD7Z Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6QhhKWry0BWjoQKURAl1nAJ4qOL9z861ejey2RYrK4eE8Yh5OxwCg9ceG q7zklPtxQ92W76k+urO7+dw= =WVV5 -----END PGP SIGNATURE----- --7AUc2qLy4jB3hD7Z-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001221064842.B27118>