Date: Wed, 20 Apr 2005 17:47:08 -0500
From: Jon Noack <noackjr@alumni.rice.edu>
To: Ronald Klop <ronald-freebsd8@klop.yi.org>
Cc: freebsd-stable@freebsd.org
Subject: [PATCH] securelevel and make installworld
Message-ID: <4266DBEC.5000503@alumni.rice.edu>
In-Reply-To: <opspjwj0x98527sy@smtp.local>
References: <opspjrxucr8527sy@smtp.local> <4266C966.90701@alumni.rice.edu> <opspjwj0x98527sy@smtp.local>
This is a multi-part message in MIME format.
--------------040307050102060801080306
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

On 04/20/05 16:56, Ronald Klop wrote:
> On Wed, 20 Apr 2005 16:28:06 -0500, Jon Noack <noackjr@alumni.rice.edu> wrote:
>> On 04/20/05 15:16, Ronald Klop wrote:
>>> Can make installworld complain on startup if I try to run it with
>>> securelevel > 0.
>>> It will fail half way through on some files with nochg flags or
>>> something like that.
>>
>> Design feature:
>> 'schg' is the system immutable flag. Some system files are installed
>> with 'schg' for security reasons; installworld must remove this flag
>> in order to install a new version of these files. However, when
>> securelevel > 0 system immutable flags may not be turned off (see
>> init(8)). An attempt to remove the system immutable flag (set
>> 'noschg') will therefore fail. As a result, installworld fails.
>>
>> Canonical answer:
>> Reboot into single user mode to perform the installworld as
>> documented in UPDATING and section 19.4.1 of the handbook.
>
> I understand the problem, otherwise I wouldn't have securelevel > 0.
> Doing a remote install in single user mode isn't always possible.
> And then it isn't very nice to break the installworld with an error.
> Using the idea of 'fail early' it would be very nice to have a check
> for securelevel in the installworld Makefile.

The attached diff is against -CURRENT but applies cleanly to 5.4-RC3. It adds a check to the installworld target in src/Makefile.inc1 to ensure we are not in secure mode. This is just a quick hack; there may be a better way to do this (with SPECIAL_INSTALLCHECKS perhaps?).
Regards, Jon --------------040307050102060801080306 Content-Type: text/x-patch; name="securelevel.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="securelevel.patch" Index: Makefile.inc1 =================================================================== RCS file: /home/ncvs/src/Makefile.inc1,v retrieving revision 1.492 diff -u -r1.492 Makefile.inc1 --- Makefile.inc1 6 Apr 2005 01:55:43 -0000 1.492 +++ Makefile.inc1 20 Apr 2005 22:39:27 -0000 @@ -471,6 +471,18 @@ kernel-toolchain: ${TOOLCHAIN_TGTS:N_includes:N_libraries} # +# checksecurelevel +# +# Ensures that the system is not running in secure mode. +# +SECURELEVEL!= sysctl -n kern.securelevel +checksecurelevel: +.if ${SECURELEVEL} > 0 + @echo "ERROR: securelevel = ${SECURELEVEL}; cannot proceed in secure mode." + false +.endif + +# # Use this to add checks to installworld/installkernel targets. # SPECIAL_INSTALLCHECKS= @@ -513,7 +525,7 @@ # # Installs everything compiled by a 'buildworld'. # -distributeworld installworld: installcheck +distributeworld installworld: checksecurelevel installcheck mkdir -p ${INSTALLTMP} for prog in [ awk cap_mkdb cat chflags chmod chown \ date echo egrep find grep \ --------------040307050102060801080306--
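Review bot: `SECURELEVEL!= sysctl -n kern.securelevel` in the first hunk is assigned at the top level of Makefile.inc1, so the sysctl command runs every time the file is parsed, for any target and not only installworld. If the command ever produces no output, `.if ${SECURELEVEL} > 0` is left with an empty left-hand side. Consider moving the lookup into the checksecurelevel commands, as a shell test on the sysctl output, so it runs only when that target is invoked and a failed lookup can be reported on its own. The error text could also name the single-user procedure from UPDATING that the thread refers to, so the operator knows what to do next.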
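Review bot: distributeworld shares the rule line changed in the second hunk (`distributeworld installworld: checksecurelevel installcheck`), so it is now refused under securelevel > 0 as well, and the check looks only at the running kernel's securelevel, not at where the files will be written. When the destination is a staging tree that holds no existing schg files there is nothing to unflag, and the failure this guards against would not occur; consider limiting the check to installs onto the live system. The SPECIAL_INSTALLCHECKS variable visible in the first hunk's context is commented as the place to add installworld/installkernel checks, and routing checksecurelevel through it would avoid editing the rule line directly.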
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4266DBEC.5000503>