From: Kris Kennaway
To: Dag-Erling Smorgrav
Cc: Kris Kennaway, Mikhail Kruk, "Michael A. Williams", security@FreeBSD.ORG
Date: Thu, 21 Dec 2000 20:21:01 -0800
Subject: Re: Read-Only Filesystems

On Thu, Dec 21, 2000 at 07:57:55PM +0100, Dag-Erling Smorgrav wrote:
> Kris Kennaway writes:
> > On Thu, Dec 21, 2000 at 11:39:56AM -0500, Mikhail Kruk wrote:
> > > Kris Kennaway writes:
> > > > Correct, but if they're not noschg then you can trivially trojan a
> > > > kernel module which you know is loaded at boot time. [...]
> > > wait, but can't you make kernel modules and startup scripts noschg too?
> > Go back and read the first paragraph above. It's theoretically
> > possible, but the list of things you would have to noschg is huge,
> > constantly changing from version to version, and not completely known.
>
> Umm, people, please, "schg" not "noschg".
> If you find this confusing,

Sorry, I always get those two confused because the abbreviation doesn't mean anything to me - I didn't have a FreeBSD box handy to check the manpage on.

Kris