Date: Sat, 19 Jun 1999 23:11:03 -0700 (PDT)
From: "Brian W. Buchanan" <brian@CSUA.Berkeley.EDU>
To: Darren Reed <avalon@coombs.anu.edu.au>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: proposed secure-level 4 patch
Message-ID: <Pine.BSF.4.05.9906192235070.70357-100000@smarter.than.nu>
In-Reply-To: <199906200450.OAA05782@cheops.anu.edu.au>

On Sun, 20 Jun 1999, Darren Reed wrote:

> Man, that's nasty. Reboot to restart something.

Security and convenience are almost always a tradeoff. Running at securelevel 1 (and using it properly) means you can't upgrade a lot of stuff live, can't purge logs, can't load modules, etc. Running at securelevel 2 means you can't newfs while running multi-user. Level 3 means you can't change your IPFW rules. Each time you tighten security, you give up a little convenience to gain a little peace of mind.

In the proposed case, people who are paranoid about having a root compromise lead to someone binding a modified version of sshd or other login daemon to steal passwords can bring the system to securelevel 4 after daemon startup and ensure that the attacker cannot simply kill sshd and replace it. Well-written daemons should *not* die unless killed, and if you're running with a positive securelevel, you've already given up the luxury of live upgrades. To minimize downtime due to dead daemons, just spawn everything from inetd and make darn sure that inetd won't die unless root decides it should.

Anyway, this all boils down to a matter of choice. If you value being able to restart daemons without rebooting, then don't use this level of protection.

--
Brian Buchanan brian@CSUA.Berkeley.EDU
--------------------------------------------------------------------------
FreeBSD - The Power to Serve! http://www.freebsd.org
daemon(n): 1. an attendant power or spirit : GENIUS
2. the cute little mascot of the FreeBSD operating system

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message