Date: Mon, 30 Oct 2023 00:21:04 +0200 From: Peter Pentchev <roam@ringlet.net> To: freebsd-security@freebsd.org Subject: Re: securelevel 1 Message-ID: <ZT7a0PcvuVdzQQU7@straylight.ringlet.net> In-Reply-To: <ZTshtJvtxipTsf2B@int21h> References: <ZTeaGFZjvcsKfbOW@int21h> <6638DADD-FCDB-492C-B1E8-441C6622038B@FreeBSD.org> <663fd243-94ec-40c1-ac66-ca8e3d5f278d@quip.cz> <35f733cc-a6c2-46a4-b564-b1ef87893fc5@app.fastmail.com> <86ttqd12y1.fsf@ltc.des.no> <ZTshtJvtxipTsf2B@int21h>
next in thread | previous in thread | raw e-mail | index | archive | help
--+KrF+88Xv48gcpmN Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Oct 27, 2023 at 03:34:28AM +0100, void wrote: > On Thu, Oct 26, 2023 at 11:36:22PM +0200, Dag-Erling Sm=C3=B8rgrav wrote: > > void <void@f-m.fm> writes: > > > In order to accomplish what I'd like, I understand that I'd need to s= et +schg > > > on the individual logs, then set the securelevel afterwards and reboo= t. > >=20 > > If you set the log file +schg, it can't be written to at all. That's > > obviously not what you want. >=20 > Yes, I'm sorry; I meant to type +sappnd >=20 > > If you set it +sappnd, it can be written to, and newsyslog will be able > > to rotate it; an attacker with superuser privileges will also be able to > > replace it with a doctored file. >=20 > Yes. But if sappend is set on the required files, and then securelevel=3D1 > is set, then nothing can change the flag while the system is multiuser. > That is, if I'm understanding correctly? >=20 > So, on such a system, if I understand correctly, newsyslog would need to = be > turned off. newsyslog does not need to change the file; it renames the file, then it tells syslog to start a new one (one that does not exist until that point in time), and then newsyslog may also read the renamed file, compress the data, write it to yet another new file, etc. So setting +sappnd on a logfile should not prevent newsyslog from processing it. However, the fact that the file is renamed and a brand new one is created in its place probably means that the new logfile will *not* have the +sappnd flag set. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@debian.org pp@storpool.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13 --+KrF+88Xv48gcpmN Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAmU+2soACgkQZR7vsCUn 3xNL3xAAsyl6lyyoUdX9K86W6cpus4qgEe3oOiCYoSeC91jyephUMsp425oqCoDx wsftAfq92plctQfNHPPBReQVmMcbyC22UQ4/nZWJrIvfNAzYgxI/7bsbP4jNL1SP k1VV3880h4ssa+VqxRvrVyvzzUN/zWgXqpxKHAyEAQmqOq4psDdQYOAwLNb3A1rH l+W173Iy5GBxSsuc3p+qam9h6t9/q5RBFedAfXLYM0axltvwZwCigoV7mo1Plkwc /IRqrVwbm1ExnX2qgGSSET2TbWG9tiFnqFvsF3WC5uFXtk/BIf1MoRea1713GLB6 5m/npvg+OsHZ4yAQi/vx/zBDikkcIiCn6+b9c+Kny/wXNDnOlflbTQgykMDwlcwN vvto+1u82UrA10Zfpq3Msa0sOCodgVdmYWhi8JuJAzjELtWyPZTgeBANnTie92Gm cjXXq0Rw6SCmYQwEbqDi1KDXxezduiqcmAlqkA0+lTK9mVxVv0bwt/2SO/Nd7ZhN /jc+Drh3J1bYVPpbP7rj+lkWV1lPsirOh1kRBjfyyHwZAq0wVleeyJhrsXCzQhO0 OAbD11Gg7LZ7N31cUklQbHtqY9/HtL0cCxNg1uWy1hr52irkYoKQVcikWjKlEArG /bAfA7JSbrueFBK9TO/5mHy0LEPEMWenOkP10c1SwvzHGRBcqgY= =uUL9 -----END PGP SIGNATURE----- --+KrF+88Xv48gcpmN--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ZT7a0PcvuVdzQQU7>