Date: Sun, 19 Apr 1998 16:29:31 -0400 (EDT)
From: Robert Watson
Reply-To: Robert Watson
To: John-Mark Gurney
cc: Cy Schubert - ITSD Open Systems Group, Philippe Regnauld, freebsd-security@FreeBSD.ORG
Subject: Re: kernel permissions
In-Reply-To: <19980419130711.01465@hydrogen.nike.efn.org>

On Sun, 19 Apr 1998, John-Mark Gurney wrote:

> you know, there is a security hole in the /etc/rc scripts...
>
> inetd is run before the /etc/rc scripts are finished, which means that
> there is a [significant] amount of time where inetd is started but the
> machine hasn't raised the securelevel of the system... this can be
> compounded if you have atalk on the system as it will take a while to
> start up making the window all that much larger...

My feeling was that the securelevel needed to be raised before a number of
the daemons start, to prevent any race conditions, and hence having a
number of securelevels, gradually increasing the restrictions on the system
as possible during the boot process (i.e., as soon as ipfw is configured
correctly, disallow modification of ipfw settings, etc). Would using
multiple rc scripts be desirable, or should we just have...

rc:
  ... (trusted daemons)
  # bump securelevel
  sysctl -w kern.securelevel=2
  ... (less trusted daemons)
  # bump securelevel
  sysctl -w kern.securelevel=3
  ... (least trusted daemons)

And so on.

Robert N Watson

----
Carnegie Mellon University            http://www.cmu.edu/
Trusted Information Systems           http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/
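An added example, not the post's sketch or FreeBSD's own rc: a guarded raise_securelevel for the staged scheme above, which refuses a non-raise (a running system cannot lower its securelevel, so a request at or below the current level means the stages are misordered) and reads the kernel's value back before the next, less trusted, stage starts. SECURELEVEL_GET and SECURELEVEL_SET are assumed hooks wrapping sysctl(8).

```shell
#!/bin/sh
# Guarded securelevel bump for a staged rc (added example, not the post's
# sketch or FreeBSD's own rc). SECURELEVEL_GET / SECURELEVEL_SET are assumed
# hooks that default to sysctl(8); they exist so the logic can be exercised
# on a non-FreeBSD host by pointing them at a fake.
: "${SECURELEVEL_GET:=sysctl -n kern.securelevel}"
: "${SECURELEVEL_SET:=sysctl -w}"

# current_securelevel: print the running level; -1 if it cannot be read,
# which callers must treat as "unknown", never as a low level.
current_securelevel() {
    $SECURELEVEL_GET 2>/dev/null || echo -1
}

# raise_securelevel LEVEL: move the kernel to LEVEL, but only upward.
# A running system cannot lower its securelevel, so a request that is not
# higher than the current value means the rc stages are out of order; fail
# loudly rather than silently continuing with later daemons unprotected.
raise_securelevel() {
    want=$1
    have=$(current_securelevel)
    if [ "$have" -lt 0 ]; then
        echo "raise_securelevel: cannot read kern.securelevel" >&2
        return 1
    fi
    if [ "$want" -le "$have" ]; then
        echo "raise_securelevel: at $have, refusing non-raise to $want" >&2
        return 1
    fi
    $SECURELEVEL_SET "kern.securelevel=$want" >/dev/null || return 1
    # Read back: the kernel's own value is the only proof the window closed.
    [ "$(current_securelevel)" -eq "$want" ]
}

# rc_stages: the ordering from the post as one function. Each stage starts
# its daemons, then raises the level before the next, less trusted, stage.
# Daemon starts are left as comments; the point is where the bumps sit.
rc_stages() {
    # ... trusted daemons ...
    raise_securelevel 2 || return 1
    # ... less trusted daemons ...
    raise_securelevel 3 || return 1
    # ... least trusted daemons ...
}
```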