Date:      Wed, 20 Apr 2005 17:47:08 -0500
From:      Jon Noack <noackjr@alumni.rice.edu>
To:        Ronald Klop <ronald-freebsd8@klop.yi.org>
Cc:        freebsd-stable@freebsd.org
Subject:   [PATCH] securelevel and make installworld
Message-ID:  <4266DBEC.5000503@alumni.rice.edu>
In-Reply-To: <opspjwj0x98527sy@smtp.local>
References:  <opspjrxucr8527sy@smtp.local> <4266C966.90701@alumni.rice.edu> <opspjwj0x98527sy@smtp.local>

On 04/20/05 16:56, Ronald Klop wrote:
> On Wed, 20 Apr 2005 16:28:06 -0500, Jon Noack <noackjr@alumni.rice.edu> wrote:
>> On 04/20/05 15:16, Ronald Klop wrote:
>>> Can make installworld complain on startup if I try to run it with
>>> securelevel > 0?
>>> It will fail half way through on some files with nochg flags or
>>> something like that.
>>
>> Design feature:
>> 'schg' is the system immutable flag.  Some system files are installed
>> with 'schg' for security reasons; installworld must remove this flag
>> in order to install a new version of these files.  However, when
>> securelevel > 0 system immutable flags may not be turned off (see
>> init(8)).  An attempt to remove the system immutable flag (set
>> 'noschg') will therefore fail.  As a result, installworld fails.
>>
>> Canonical answer:
>> Reboot into single user mode to perform the installworld as
>> documented in UPDATING and section 19.4.1 of the handbook.
> 
> I understand the problem, otherwise I wouldn't have securelevel > 0.
> Doing a remote install in single user mode isn't always possible.
> And then it isn't very nice to break the installworld with an error.
> Using the idea of 'fail early' it would be very nice to have a check
> for securelevel in the installworld Makefile.

The attached diff is against -CURRENT but applies cleanly to 5.4-RC3. 
It adds a check to the installworld target in src/Makefile.inc1 to 
ensure we are not in secure mode.

This is just a quick hack; there may be a better way to do this (with 
SPECIAL_INSTALLCHECKS perhaps?).

Regards,
Jon

Index: Makefile.inc1
===================================================================
RCS file: /home/ncvs/src/Makefile.inc1,v
retrieving revision 1.492
diff -u -r1.492 Makefile.inc1
--- Makefile.inc1	6 Apr 2005 01:55:43 -0000	1.492
+++ Makefile.inc1	20 Apr 2005 22:39:27 -0000
@@ -471,6 +471,18 @@
 kernel-toolchain: ${TOOLCHAIN_TGTS:N_includes:N_libraries}
 
 #
+# checksecurelevel
+#
+# Ensures that the system is not running in secure mode.
+#
+SECURELEVEL!=	sysctl -n kern.securelevel
+checksecurelevel:
+.if ${SECURELEVEL} > 0
+	@echo "ERROR: securelevel = ${SECURELEVEL}; cannot proceed in secure mode."
+	false
+.endif
+
+#
 # Use this to add checks to installworld/installkernel targets.
 #
 SPECIAL_INSTALLCHECKS=
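
Review bot: `SECURELEVEL!= sysctl -n kern.securelevel` is a top-level assignment, so sysctl runs every time Makefile.inc1 is parsed, for every target, not only when checksecurelevel is reached. If the command prints nothing, `.if ${SECURELEVEL} > 0` is left with an empty left-hand side and make will reject it as a malformed conditional, which breaks targets that have nothing to do with installing. Doing the comparison in the recipe itself, with a shell test such as `[ "$$(sysctl -n kern.securelevel)" -gt 0 ]`, keeps the check local to the target. Minor: `false` has no `@` prefix, so make echoes the command right after the error message.
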
@@ -513,7 +525,7 @@
 #
 # Installs everything compiled by a 'buildworld'.
 #
-distributeworld installworld: installcheck
+distributeworld installworld: checksecurelevel installcheck
 	mkdir -p ${INSTALLTMP}
 	for prog in [ awk cap_mkdb cat chflags chmod chown \
 	    date echo egrep find grep \
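
Review bot: on the `distributeworld installworld:` rule, checksecurelevel is wired in as a separate hard prerequisite next to installcheck, although the file already carries a hook for this purpose: the context of the first hunk shows `SPECIAL_INSTALLCHECKS=` under the comment "Use this to add checks to installworld/installkernel targets." Appending the new target there (`SPECIAL_INSTALLCHECKS+=checksecurelevel`) would keep the pre-install checks in one place, as the message itself suggests. The rule is also shared with distributeworld, so that target is now refused at securelevel > 0 as well; the message only talks about installworld, so please confirm that this is intended.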
