From: Jim Zajkowski
Date: Wed, 11 Feb 2004 10:35:07 -0500
To: freebsd-security@freebsd.org
Subject: Re: Question about securelevel

On Feb 11, 2004, at 10:24 AM, roberto@redix.it wrote:

> Yes I agree with you: a secure system should be read-only fs, but to
> overcome the drawbacks of a CDROM, I can use a standard hard disk with a
> read-only file system while securelevel==3. The writable file system
> should be available in single user mode only on console.

If I figure out how to make your filesystem remount read-write without a reboot, the game is over. Running off a CD with a server which has a drive which cannot write discs, it doesn't much matter if I figured out how to change the RO mount or not, since the media itself cannot be written to [1].

Defense in depth.

--Jim

[1] I suppose those flash-IDE thingamabobs that have a switch to toggle to read-only work just as well here too.