Date: Wed, 4 Oct 2000 02:58:36 -0700 From: Kris Kennaway <kris@FreeBSD.org> To: Dima Dorfman <dima@unixfreak.org> Cc: Kris Kennaway <kris@FreeBSD.org>, Alfred Perlstein <bright@wintelcom.net>, Mike Silbersack <silby@silby.com>, security@FreeBSD.ORG Subject: Re: BSD chpass (fwd) Message-ID: <20001004025836.A84165@freefall.freebsd.org> In-Reply-To: <20001004092758.335931F0A@static.unixfreak.org>; from dima@unixfreak.org on Wed, Oct 04, 2000 at 02:27:58AM -0700 References: <20001004021948.A76230@freefall.freebsd.org> <20001004092758.335931F0A@static.unixfreak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Oct 04, 2000 at 02:27:58AM -0700, Dima Dorfman wrote:
> In securelevel >= 2, you can't open a disk for writing unless you're
> mount(2). I don't know much about null mounts, so I don't know if
> that will prevent them from working.
mounting is still allowed at all securelevels, so you could also null
mount over the top of /usr/bin even if /usr/bin is schg. The fact that
you can mount volumes at high securelevel seems to mean there is no
way you can protect a running system against tampering with a given
file (i.e. replacing the runtime-visible instance of a given file).
Robert Watson would probably start talking about MAC about now :-) but
I'm not sure if this is something which should be fixed as a security
problem, or if it is just not practical to expect securelevels to
prevent run-time tampering of a given file (leaving aside the issues
of protecting the boot path against taking control of the machine at
next reboot time, which only happens as a result of incomplete
coverage of the relevant files and directories with schg)
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001004025836.A84165>