From owner-freebsd-security Thu Dec 21 13:40:47 2000
From owner-freebsd-security@FreeBSD.ORG Thu Dec 21 13:40:44 2000
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from fud.indifference.org (cr597818-a.crdva1.bc.wave.home.com [24.113.89.211])
	by hub.freebsd.org (Postfix) with SMTP id B50BE37B404
	for ; Thu, 21 Dec 2000 13:40:43 -0800 (PST)
Received: (qmail 34222 invoked by uid 1001); 21 Dec 2000 22:04:35 -0000
Date: Thu, 21 Dec 2000 14:04:35 -0800
From: kj@indifference.org
To: freebsd-security@freebsd.org
Subject: Re: Read-Only Filesystems
Message-ID: <20001221140435.F25684@indifference.org>
References: <20001219114936.A23819@rfx-64-6-211-149.users.reflexco> <20001219120953.S19572@fw.wintelcom.net> <20001219211642.D13474@citusc.usc.edu> <3A40BED3.1070909@2cactus.com> <20001220174056.C22288@citusc.usc.edu> <20001220174129.F19572@fw.wintelcom.net> <20001220175931.E22288@citusc.usc.edu> <20001220231205.W96105@149.211.6.64.reflexcom.com> <20001221060108.B26775@citusc.usc.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20001221060108.B26775@citusc.usc.edu>; from kris@FreeBSD.ORG on Thu, Dec 21, 2000 at 06:01:08AM -0800
X-Operating-System: BrokenBSD 1.1.1
X-List-Master: indifference.org
Sender: lists@indifference.org
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Nope, that's the one. Once the attacker breaks root on a high
> securelevel machine they can arrange it so that the next time the
> system boots it does their dirty work for them prior to raising the
> securelevel (e.g. load a KLD which allows them backdoor access around
> the securelevel restrictions, so the system appears to be running
> normally).
>
> Kris

To be truly anal, couldn't one just put a BIOS boot password on every
server reboot (really, how often do we need to reboot)? And have a serial
console hooked up to the server. That way if the attacker drops the
security level and reboots, he can't modify anything as the server never
boots up. It's major downtime, but better than a compromise.

K.J.