From: Mikhail Kruk
To: Kris Kennaway
Cc: "Michael A. Williams"
Date: Thu, 21 Dec 2000 11:39:56 -0500 (EST)
Subject: Re: Read-Only Filesystems
In-Reply-To: <20001221064842.B27118@citusc.usc.edu>

> > > Don't forget chflags'ing every binary involved in the startup process,
> > > too. And all of your kernel modules. And the boot loader and its
> > > config files. And all of the appropriate directories. And /etc/fstab
> > > so null or union mounts can't be used to shadow a protected file...you
> > > get the picture :-)
> >
> > Securelevel 2 should not allow loading of kernel modules.
>
> Correct, but if they're not noschg then you can trivially trojan a
> kernel module which you know is loaded at boot time. Or you can add
> yourself a new kernel module and load it by editing the boot loader
> config, or by editing one of the startup scripts, or by trojaning one
> of the binaries run during the system startup prior to raising of
> securelevel, etc etc.
>
> Then cause, or wait for a reboot.

wait, but can't you make kernel modules and startup scripts noschg too?
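An added example, not part of the original message or of FreeBSD itself: a small audit that walks the boot path discussed in this thread and lists every file or directory that lacks the system-immutable (`schg`) flag. The path list and the function names are assumptions for illustration; only /etc/fstab is named in the thread, so adjust the list to the system being audited.

```python
import os
import stat
import sys

# Assumed boot-path locations for a typical FreeBSD install; adjust to the
# system being audited. Only /etc/fstab is named in the thread itself.
BOOT_PATHS = ["/boot", "/etc/rc", "/etc/rc.conf", "/etc/rc.d",
              "/etc/fstab", "/sbin/init"]


def file_flags(path):
    """Return BSD file flags without following symlinks (0 where unsupported)."""
    return getattr(os.lstat(path), "st_flags", 0)


def walk(root):
    """Yield root itself and, if it is a directory, everything beneath it."""
    yield root
    if os.path.isdir(root) and not os.path.islink(root):
        for dirpath, dirnames, filenames in os.walk(root):
            for name in sorted(dirnames + filenames):
                yield os.path.join(dirpath, name)


def missing_schg(roots, get_flags=file_flags):
    """List paths under roots that lack the system-immutable (schg) flag.

    Directories are included: an unflagged directory still accepts new
    files, such as an extra module or startup script.
    """
    findings = []
    for root in roots:
        if not os.path.lexists(root):
            continue  # path not present on this system
        for path in walk(root):
            if not get_flags(path) & stat.SF_IMMUTABLE:
                findings.append(path)
    return findings


if __name__ == "__main__":
    unprotected = missing_schg(BOOT_PATHS)
    for path in unprotected:
        print("no schg:", path)
    sys.exit(1 if unprotected else 0)
```

Run it before the securelevel is raised at boot, or from single-user mode, and treat any output as a path that can still be modified ahead of the next reboot.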