Date: Wed, 4 Oct 2000 02:58:36 -0700 From: Kris Kennaway <kris@FreeBSD.org> To: Dima Dorfman <dima@unixfreak.org> Cc: Kris Kennaway <kris@FreeBSD.org>, Alfred Perlstein <bright@wintelcom.net>, Mike Silbersack <silby@silby.com>, security@FreeBSD.ORG Subject: Re: BSD chpass (fwd) Message-ID: <20001004025836.A84165@freefall.freebsd.org> In-Reply-To: <20001004092758.335931F0A@static.unixfreak.org>; from dima@unixfreak.org on Wed, Oct 04, 2000 at 02:27:58AM -0700 References: <20001004021948.A76230@freefall.freebsd.org> <20001004092758.335931F0A@static.unixfreak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Oct 04, 2000 at 02:27:58AM -0700, Dima Dorfman wrote: > In securelevel >= 2, you can't open a disk for writing unless you're > mount(2). I don't know much about null mounts, so I don't know if > that will prevent them from working. mounting is still allowed at all securelevels, so you could also null mount over the top of /usr/bin even if /usr/bin is schg. The fact that you can mount volumes at high securelevel seems to mean there is no way you can protect a running system against tampering with a given file (i.e. replacing the runtime-visible instance of a given file). Robert Watson would probably start talking about MAC about now :-) but I'm not sure if this is something which should be fixed as a security problem, or if it is just not practical to expect securelevels to prevent run-time tampering of a given file (leaving aside the issues of protecting the boot path against taking control of the machine at next reboot time, which only happens as a result of incomplete coverage of the relevant files and directories with schg) Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe <forsythe@alum.mit.edu> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001004025836.A84165>