Date: Thu, 5 Oct 2000 00:53:21 -0400
From: Hank Leininger
To: freebsd-security@FreeBSD.ORG
Subject: Re: BSD chpass (fwd)

On 2000-10-05, Dima Dorfman wrote:

> > On Wed, Oct 04, 2000 at 10:47:15AM -0400, Garrett Wollman wrote:
> > Except you can still just mount a doctored copy over the top of it

> Actually, now that I think about it, this can be deterred to a certain
> point. If you're running with securelevel >= 2, you can't load KLDs,
> and you can't run newfs. What would you mount? A vn device? Nope,
> unless the KLD is already loaded. A floppy? If you have physical

Perhaps this is a stupid question, but why is mount particularly needed at
high securelevels? So long as unmount(2) can be called by shutdown scripts.
Hm... remounting / ro before halt/reboot perhaps... but perhaps that
behavior could be straightforwardly special-cased? It's not like mount(2)
is a hot path =)

And/or, disallow mounts to mount points which are not regular, empty
directories, if securelevel >= 2? What legit uses (that could not be
learned around by an admin) would this break?

--
Hank Leininger
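
A userland model of the rule proposed in the message above (refuse a mount at securelevel >= 2 unless the target is a real, empty directory), added here as an example; it is not code from the post or from FreeBSD. The function name `mount_target_allowed`, its return codes, and reading "regular" as "not a symlink" are assumptions.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* lstat(), mkdtemp() */
#endif
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Hypothetical userland model of the rule proposed in the message:
 * at securelevel >= 2, only allow a mount onto a real, empty directory.
 * Returns 1 = allowed, 0 = refused, -1 = target cannot be inspected.
 */
int mount_target_allowed(const char *path, int securelevel)
{
    struct stat sb;
    struct dirent *de;
    DIR *d;
    int empty = 1;

    if (securelevel < 2)
        return 1;                 /* rule applies only at securelevel >= 2 */
    if (lstat(path, &sb) != 0)
        return -1;
    if (!S_ISDIR(sb.st_mode))     /* lstat(): a symlink to a directory is refused */
        return 0;
    if ((d = opendir(path)) == NULL)
        return -1;
    while ((de = readdir(d)) != NULL)
        if (strcmp(de->d_name, ".") != 0 && strcmp(de->d_name, "..") != 0) {
            empty = 0;            /* populated directory, e.g. /bin or /etc */
            break;
        }
    closedir(d);
    return empty;
}

int main(void)
{
    char tmpl[] = "/tmp/mnt_demo_XXXXXX";   /* constructed sample target */

    if (mkdtemp(tmpl) == NULL)
        return 1;
    printf("empty dir, securelevel 2: %d\n", mount_target_allowed(tmpl, 2));
    printf("/, securelevel 2:         %d\n", mount_target_allowed("/", 2));
    printf("/, securelevel 1:         %d\n", mount_target_allowed("/", 1));
    rmdir(tmpl);
    return 0;
}
```

As a path-based userland check this is open to a race between `lstat()` and the mount itself; an enforcing version would have to make the same test inside the kernel's mount path on the already-resolved mount point.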