Date: Thu, 21 Dec 2000 08:44:52 -0800 From: Kris Kennaway <kris@FreeBSD.ORG> To: Mikhail Kruk <meshko@cs.brandeis.edu> Cc: Kris Kennaway <kris@FreeBSD.ORG>, "Michael A. Williams" <mike@netxsecure.net>, security@FreeBSD.ORG Subject: Re: Read-Only Filesystems Message-ID: <20001221084452.A28157@citusc.usc.edu> In-Reply-To: <Pine.LNX.4.30.0012211139260.27904-100000@daedalus.cs.brandeis.edu>; from meshko@cs.brandeis.edu on Thu, Dec 21, 2000 at 11:39:56AM -0500 References: <20001221064842.B27118@citusc.usc.edu> <Pine.LNX.4.30.0012211139260.27904-100000@daedalus.cs.brandeis.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
--17pEHd4RhPHOinZp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Dec 21, 2000 at 11:39:56AM -0500, Mikhail Kruk wrote: > > > > Don't forget chflags'ing every binary involved in the startup proce= ss, > > > > too. And all of your kernel modules. And the boot loader and its > > > > config files. And all of the appropriate directories. And /etc/fstab > > > > so null or union mounts can't be used to shadow a protected file...= you > > > > get the picture :-) > > > > > > Securelevel 2 should not allow loading of kernel modules. > > > > Correct, but if they're not noschg then you can trivially trojan a > > kernel module which you know is loaded at boot time. Or you can add > > yourself a new kernel module and load it by editing the boot loader > > config, or by editing one of the startup scripts, or by trojaning one > > of the binaries run during the system startup prior to raising of > > securelevel, etc etc. > > > > Then cause, or wait for a reboot. >=20 > wait, but can't you make kernel modules and startup scripts noschg too? Go back and read the first paragraph above. It's theoretically possible, but the list of things you would have to noschg is huge, constantly changing from version to version, and not completely known. Kris --17pEHd4RhPHOinZp Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6QjOEWry0BWjoQKURAtJ6AJ90zM5qrJkJs6Ty8RoD/c+ck1opEwCfcNBB mjMO51ePPGhugRplpcTmyrA= =ypkK -----END PGP SIGNATURE----- --17pEHd4RhPHOinZp-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001221084452.A28157>