From owner-freebsd-security Thu Dec 21 13:50:53 2000
From owner-freebsd-security@FreeBSD.ORG Thu Dec 21 13:50:51 2000
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from p0016c23.us.kpmg.com (p0016c23.us.kpmg.com [199.207.255.23]) by hub.freebsd.org (Postfix) with ESMTP id ABAAC37B402 for ; Thu, 21 Dec 2000 13:50:50 -0800 (PST)
Received: from p0016c56 by p0016c23.us.kpmg.com(Pro-8.9.3/Pro-8.9.3) with SMTP id QAA01151 for ; Thu, 21 Dec 2000 16:50:49 -0500 (EST)
Received: from p0016c22.kweb.us.kpmg.com by p0016c56 via smtpd (for [199.207.255.23]) with SMTP; 21 Dec 2000 21:50:49 UT
Received: from usnssexc11.kweb.us.kpmg.com by kpmg.com(Pro-8.9.2/Pro-8.9.2) with ESMTP id QAA06787 for ; Thu, 21 Dec 2000 16:50:48 -0500 (EST)
Received: from usnssexc11.kweb.us.kpmg.com (unverified) by usnssexc11.kweb.us.kpmg.com (Content Technologies SMTPRS 2.0.15) with ESMTP id for ; Thu, 21 Dec 2000 16:50:40 -0500
Received: by usnssexc11.kweb.us.kpmg.com with Internet Mail Service (5.5.2650.21) id ; Thu, 21 Dec 2000 16:50:40 -0500
Message-Id: <7799D023E51ED311BFB50008C75DD7B402881BCC@uschiexc05.kweb.us.kpmg.com>
From: "Passki, Jonathan P"
To: freebsd-security@freebsd.org
Subject: RE: Read-Only Filesystems
Date: Thu, 21 Dec 2000 16:50:35 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > Nope, that's the one. Once the attacker breaks root on a high
> > securelevel machine they can arrange it so that the next time the
> > system boots it does their dirty work for them prior to raising the
> > securelevel (e.g. load a KLD which allows them backdoor access around
> > the securelevel restrictions, so the system appears to be running
> > normally).
> >
> > Kris
>
> To be truly anal, couldn't one just put a BIOS boot password on every
> server reboot (really, how often do we need to reboot)? And have a serial
> console hooked up to the server.
>
> That way if the attacker drops the security level and reboots, he can't
> modify anything as the server never boots up. It's major downtime, but
> better than a compromise.
>
> K.J.

Why not just unplug it, lock the computer in a safe, and seal the safe?

Security is usually a compromise determined from user requirements and
system requirements. The number of levels of controls in place helps
(onion layer effect), but at some time it will hinder. I guess it's all
just a rhetorical argument, since every environment is different, and
objective views on security controls are hard to make unless you can
analyze the environment. If one person is running a FreeBSD box behind a
decent firewall, most attacks out there won't succeed, but perhaps that
sk1ll3d h4x0r might be able to compromise your box. If you're a
corporation, more layers and controls are involved. yada yada yada

Jon

My $.02 in this non-technical, red herring rant ;)

*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized. If you are not the intended recipient, any disclosure,
copying, distribution or any action taken or omitted to be taken in reliance
on it, is prohibited and may be unlawful. When addressed to our clients any
opinions or advice contained in this email are subject to the terms and
conditions expressed in the governing KPMG client engagement letter.
*****************************************************************************

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
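An added check, not part of the original thread, for the persistence path Kris describes. On FreeBSD the boot loader reads /boot/loader.conf and loads every module named there before the kernel starts init, so those modules are already in place when rc(8) raises kern_securelevel; the running kernel's refusal to kldload at securelevel 1 and above does nothing about them. The script below lists what a loader.conf would load at boot, compares it against an allowlist kept off the box, and confirms that rc.conf actually raises the securelevel. The file names, the one-name-per-line allowlist format and every line of sample configuration are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original thread. Audits the boot-time module
# loading path that sidesteps securelevel: entries in /boot/loader.conf are
# loaded by the boot loader before rc(8) raises kern_securelevel.
# Paths, the allowlist format and the sample configs are constructed.

# conf_value FILE KEY: print the last uncommented value assigned to KEY in a
# loader.conf/rc.conf-style file, quotes stripped (prints nothing if unset).
conf_value() {
    sed -e 's/#.*$//' "$1" | awk -F'=' -v k="$2" '
        { key = $1; gsub(/[[:space:]]/, "", key)
          if (key == k) { v = $2; gsub(/["[:space:]]/, "", v); last = v } }
        END { if (last != "") print last }'
}

# list_boot_kld FILE: print the names of the modules a loader.conf-style file
# schedules for loading at boot, i.e. every name_load="YES" entry, one per
# line. Comments are ignored and the YES comparison is case-insensitive.
list_boot_kld() {
    sed -e 's/#.*$//' "$1" | awk -F'=' '
        { key = $1; gsub(/[[:space:]]/, "", key)
          if (key ~ /_load$/) {
              v = $2; gsub(/["[:space:]]/, "", v)
              if (toupper(v) == "YES") { sub(/_load$/, "", key); print key }
          } }'
}

# unexpected_kld ALLOWLIST LOADER_CONF: print modules scheduled for boot that
# are not listed (one name per line) in ALLOWLIST; exit 1 if any were found.
unexpected_kld() {
    found=0
    for m in $(list_boot_kld "$2"); do
        if ! grep -qx "$m" "$1"; then
            echo "$m"
            found=1
        fi
    done
    return $found
}

# securelevel_ok RC_CONF: succeed only if rc.conf enables a securelevel of at
# least 1 at boot (kern_securelevel_enable="YES" and kern_securelevel >= 1).
securelevel_ok() {
    enable=$(conf_value "$1" kern_securelevel_enable | tr '[:lower:]' '[:upper:]')
    level=$(conf_value "$1" kern_securelevel)
    [ "$enable" = "YES" ] && [ "${level:-0}" -ge 1 ] 2>/dev/null
}

# --- demo on constructed files (not real system configuration) ---
demo=$(mktemp -d)
cat > "$demo/loader.conf" <<'EOF'
# constructed loader.conf
if_em_load="YES"
snd_hda_load="NO"
linux_load="yes"      # lower case still counts
mystery_load="YES"    # stand-in for an entry the admin did not put there
EOF
printf 'if_em\nlinux\n' > "$demo/kld.allow"        # allowlist kept off the box
printf 'kern_securelevel_enable="YES"\nkern_securelevel="2"\n' > "$demo/rc.conf"

echo "modules the loader will load at boot:"
list_boot_kld "$demo/loader.conf"
echo "not on the allowlist:"
unexpected_kld "$demo/kld.allow" "$demo/loader.conf" || echo "(audit failed: unexpected module(s) above)"
if securelevel_ok "$demo/rc.conf"; then
    echo "securelevel is raised at boot"
else
    echo "securelevel is NOT raised at boot"
fi
rm -rf "$demo"
```

Run it from a trusted boot (a rescue medium with the disk mounted read-only) or against a copy of /boot kept off the machine, not on the live system: an intruder who already has root can edit loader.conf and the sh, awk and grep binaries alike. Setting the schg flag on /boot/loader.conf and the kernel means that at securelevel 1 or higher not even root can change them without a reboot, and a reboot is exactly the event the BIOS password and serial console suggested in the thread are there to catch.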