From: Kris Kennaway <kris@FreeBSD.ORG>
To: "Michael A. Williams" <mike@netxsecure.net>
Cc: security@FreeBSD.ORG, Kris Kennaway
Date: Thu, 21 Dec 2000 06:48:42 -0800
Subject: Re: Read-Only Filesystems
Message-ID: <20001221064842.B27118@citusc.usc.edu>
References: <657B20E93E93D4118F9700D0B73CE3EA024346@goofy.epylon.lan> <20001220182936.H22288@citusc.usc.edu> <3A41BE58.76ECD6A9@netxsecure.net>
In-Reply-To: <3A41BE58.76ECD6A9@netxsecure.net>; from mike@netxsecure.net on Thu, Dec 21, 2000 at 09:24:56PM +1300

On Thu, Dec 21, 2000 at 09:24:56PM +1300, Michael A. Williams wrote:
> > > The only way I could think of to do this securely in the current
> > > implementation is to chflags most of the etc dir (with the exception
> > > of files that did need to be changed like passwd, master.passwd,
> > > aliases, etc.).. mainly the rc files.. but this makes administering
> > > remotely a pain in the ass.. Of course, security in many cases comes
> > > with a hassle factor.
> >
> > Don't forget chflags'ing every binary involved in the startup process,
> > too. And all of your kernel modules. And the boot loader and its
> > config files. And all of the appropriate directories. And /etc/fstab
> > so null or union mounts can't be used to shadow a protected file...you
> > get the picture :-)
>
> Securelevel 2 should not allow loading of kernel modules.

Correct, but if they're not noschg then you can trivially trojan a kernel
module which you know is loaded at boot time. Or you can add yourself a new
kernel module and load it by editing the boot loader config, or by editing
one of the startup scripts, or by trojaning one of the binaries run during
the system startup prior to raising of securelevel, etc etc. Then cause, or
wait for, a reboot.

Kris
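A defender-side check for the point Kris makes above, as an added example that is not part of the original thread or of FreeBSD itself: a Python audit that walks the pre-securelevel boot chain (the loader and its config, the kernel module directory, /etc/fstab, the rc scripts, the binaries run at startup) and lists every entry that lacks the system-immutable flag that `chflags schg` sets. The BOOT_CHAIN path list and the sample tree are constructed assumptions for illustration; on FreeBSD, `os.lstat()` exposes `st_flags`, so `audit(BOOT_CHAIN)` can be run against the live filesystem, while the sample tree lets the logic run on any platform.

```python
"""Audit a FreeBSD boot chain for the system-immutable (schg) flag.

Added example (not from the freebsd-security thread). stat.SF_IMMUTABLE is
the bit that `chflags schg` sets; at securelevel >= 1 the kernel refuses to
clear it, which is why the audit looks for that bit and not for the user
flag uchg, which the file's owner can clear at any securelevel.
"""
import os
import stat
from typing import Callable, Dict, Iterable, List, Optional

# Assumed boot chain: everything read or executed before securelevel is
# raised. This list is an assumption for illustration, not taken from the mail.
BOOT_CHAIN = [
    "/boot/loader",
    "/boot/loader.conf",
    "/kernel",
    "/modules",        # directory: every module inside it is checked too
    "/etc/fstab",      # so null/union mounts can't shadow a protected file
    "/etc/rc",
    "/etc/rc.conf",
    "/sbin/init",
    "/bin/sh",
]

FlagsOf = Callable[[str], Optional[int]]
ChildrenOf = Callable[[str], List[str]]


def live_flags(path: str) -> Optional[int]:
    """BSD file flags of path, or None if it is absent or the platform has
    no st_flags (Linux, for example)."""
    try:
        st = os.lstat(path)
    except OSError:
        return None
    return getattr(st, "st_flags", None)


def live_children(path: str) -> List[str]:
    """Entries of a real directory (symlinks are not followed)."""
    if os.path.islink(path) or not os.path.isdir(path):
        return []
    return sorted(os.path.join(path, name) for name in os.listdir(path))


def audit(paths: Iterable[str], flags_of: FlagsOf = live_flags,
          children_of: ChildrenOf = live_children) -> List[str]:
    """Return every path (descending into directories) that exists but does
    not carry SF_IMMUTABLE, in breadth-first traversal order."""
    unprotected: List[str] = []
    queue = list(paths)
    seen = set()
    while queue:
        path = queue.pop(0)
        if path in seen:
            continue
        seen.add(path)
        flags = flags_of(path)
        if flags is None:
            continue  # not present on this host, or no st_flags here
        if not flags & stat.SF_IMMUTABLE:
            unprotected.append(path)
        queue.extend(children_of(path))
    return unprotected


# Constructed sample tree (path -> flags) so the logic runs on any platform.
# /etc/rc carries only uchg, which is not enough, so the audit must report it.
SAMPLE_TREE: Dict[str, int] = {
    "/boot/loader": stat.SF_IMMUTABLE,
    "/boot/loader.conf": 0,
    "/modules": stat.SF_IMMUTABLE,
    "/modules/if_tun.ko": 0,
    "/modules/linux.ko": stat.SF_IMMUTABLE,
    "/etc/fstab": stat.SF_IMMUTABLE | stat.UF_NODUMP,
    "/etc/rc": stat.UF_IMMUTABLE,
}
SAMPLE_PATHS = ["/boot/loader", "/boot/loader.conf", "/modules",
                "/etc/fstab", "/etc/rc", "/sbin/init"]


def sample_flags(path: str) -> Optional[int]:
    return SAMPLE_TREE.get(path)


def sample_children(path: str) -> List[str]:
    prefix = path.rstrip("/") + "/"
    return sorted(p for p in SAMPLE_TREE
                  if p.startswith(prefix) and "/" not in p[len(prefix):])


def audit_sample() -> List[str]:
    """Run the audit over the constructed sample tree."""
    return audit(SAMPLE_PATHS, sample_flags, sample_children)


if __name__ == "__main__":
    # On FreeBSD, audit(BOOT_CHAIN) checks the real files instead.
    for path in audit_sample():
        print("not schg:", path)
```

The audit deliberately descends into directories, because a module directory that is itself schg but contains a writable .ko file still leaves the boot-time load path open, and it reports /etc/rc even though it has uchg, since only the system flag survives a raised securelevel. Files that are absent on the host are skipped rather than reported, so the same path list can be reused across machines with different layouts.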