From owner-freebsd-bugs@FreeBSD.ORG Mon Aug 18 10:50:08 2003
Date: Mon, 18 Aug 2003 10:50:07 -0700 (PDT)
Message-Id: <200308181750.h7IHo7aZ064607@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Ryan Mooney
Subject: Re: conf/22102
List-Id: Bug reports

The following reply was made to PR conf/22102; it has been noted by GNATS.

From: Ryan Mooney
To: Kris Kennaway
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: conf/22102
Date: Mon, 18 Aug 2003 06:55:11 -1000

Kris,

I no longer have access to the systems that I was working on this on, so this may not be 100% as accurate as I'd like :)

Basically the idea is that all the dirs in ${local_startup} are running mostly 3rd party vendor scripts - which are by nature less trusted. Since in /etc/rc the securelevel is not set until AFTER they run, if they "do something bad" (hack apache startup, whatever) they could do things to my system bypassing immutable files, etc... This COULD be partially solved by making all the vendor stuff immutable too, but when I started doing that, it ended up getting really ugly and I had to hit all the libraries, etc. etc... as well. A simpler solution that elevated the security somewhat without any noticeable side effects (in most cases, unless someone's rc.* script depended on an nfs client or a kerberos server running) was to simply move the local_startup code after net3 and securelevel.

I don't know if anyone else is paranoid enough to care about this..

> Testing whether the email delivery problems persist.
>
> Kris

--
>-=-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-=-<
Ryan Mooney ryan@pcslink.com
<-=-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-=->

Attachment: diffs

*** rc Mon Aug 18 06:37:32 2003 --- rc.old Mon Aug 18 06:37:13 2003 *************** *** 685,712 **** echo '.' fi - if [ -n "${network_pass3_done}" ]; then - network_pass4 - fi - - # Late pass to set variables we missed the first time - # - if [ -r /etc/rc.sysctl ]; then - sh /etc/rc.sysctl last - fi - - # Raise kernel security level. This should be done only after `fsck' has - # repaired local file systems if you want the securelevel to be greater than 1. - # - case ${kern_securelevel_enable} in - [Yy][Ee][Ss]) - if [ "${kern_securelevel}" -ge 0 ]; then - echo 'Raising kernel security level: ' - sysctl kern.securelevel=${kern_securelevel} - fi - ;; - esac - # For each valid dir in $local_startup, search for init scripts matching *.sh # case ${local_startup} in --- 685,690 ---- *************** *** 738,743 **** --- 716,743 ---- done IFS="${script_save_sep}" echo '.' 
+ ;; + esac + + if [ -n "${network_pass3_done}" ]; then + network_pass4 + fi + + # Late pass to set variables we missed the first time + # + if [ -r /etc/rc.sysctl ]; then + sh /etc/rc.sysctl last + fi + + # Raise kernel security level. This should be done only after `fsck' has + # repaired local file systems if you want the securelevel to be greater than 1. + # + case ${kern_securelevel_enable} in + [Yy][Ee][Ss]) + if [ "${kern_securelevel}" -ge 0 ]; then + echo 'Raising kernel security level: ' + sysctl kern.securelevel=${kern_securelevel} + fi ;; esac --45Z9DzgjV8m4Oswq--
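Review bot: the diff runs in the reverse direction, which will trip up anyone applying it: `*** rc` (the file that carries the change) is the first argument and `--- rc.old` the second, so the `-` lines of the `685,712` hunk are the new placement and the `+` lines of the `716,743` hunk are the original one, and a stock /etc/rc would need `patch -R` (or the diff regenerated as `diff -c rc.old rc`) to pick up the intended ordering. In the `685,712` hunk the relocated block is also wider than the cover text describes: the `network_pass4` call and the `sh /etc/rc.sysctl last` pass travel with the `kern_securelevel_enable` case and so now run before the `${local_startup}` loop, not just the securelevel raise; the author's own caveat about rc.* scripts that expect an NFS client or a Kerberos server to be up is exactly this ordering dependency and belongs in a comment next to the moved block, where the next person editing /etc/rc will see it.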