Date:      Mon, 7 Feb 2005 15:19:13 -0800
From:      Joshua Tinnin <krinklyfig@spymac.com>
To:        freebsd-newbies@freebsd.org
Cc:        Fabrice <FabriceMarchant@free.fr>
Subject:   Re: RE²: FreeBSD is dangerous!
Message-ID:  <200502071519.14386.krinklyfig@spymac.com>
In-Reply-To: <20050207213935.C299EC0AE@postfix3-2.free.fr>
References:  <20050207120056.6442416A504@hub.freebsd.org> <20050207213935.C299EC0AE@postfix3-2.free.fr>

On Monday 07 February 2005 02:37 pm, Fabrice <FabriceMarchant@free.fr> 
wrote:
> >> I installed FreeBSD 5.3.
> >> When I mount_ext2fs my Linux partitions on the same computer,
> >> FreeBSD gives me access to them in R/WRITE mode without needing any
> >> password
>
> ImobachGonzalez Sosa replied to me :
> >What's wrong with that?
>
> Anybody with a FreeBSD install CD can modify my beloved data I store
> in my debian Linux partitions.
> Of course with a Linux rescue floppy it is possible to behave the same
> naughty way...
> But, as I told Joshua Tinnin :
> "If I remember when I mounted a Linux partition - for example a
> Debian one - on the ext2/3 filesystem of another Linux or Knoppix, it
> was only possible to read, not to write on it. But a vfat filesystem
> could be mounted on R/W mode."

Yes, I didn't mean to be snide when I responded, just a bit sarcastic. 
The problem isn't specific to FreeBSD. Physical security is on a 
different level. If someone has access to the physical box, there's not 
a lot you can do to prevent them from removing the HDD or the box 
itself, other than physical measures like locks. This isn't to say 
there is no other way to do this. I suggest that if mounting a 
partition from another fs is a security problem in your particular 
setup, and the users on your system have authority to mount 
filesystems, you might want to consider encrypting the sensitive data, 
or even the entire partition. Someone who has authority could still 
mount it, but they couldn't read it.

> albi wrote :
> > if you mount FreeBSD from Linux, it will only mount it read-only,
> > does that make Linux less dangerous ? ;-)
>
> I have not tested because I'm not able up to now to mount the FreeBSD
> filesystem (UFS ?) on my Debian Linux. I asked how to perform this on
> the French Linux Forum Léa-Linux
>
> http://lea-linux.org/pho/
>
> but nobody helped me with this... Please Albi, can you explain to me
> how to mount the FreeBSD partition on my ext2 or 3 filesystems ?

You can mount UFS from Linux, but that's more of a Linux question 
anyway. I don't know the specific commands to do this, but it shouldn't 
be a whole lot different than other mount commands. Since this list 
isn't a tech help list, you might try -questions, but some people may 
also tell you that it's a Linux question. However, some quick searching 
reveals that ufs filesystems can be mounted read/write with the 2.6 
kernel (maybe 2.1 and up) with something as simple as:

mount -t ufs /dev/hda1 /mnt

> > this behavior is pretty normal, from a Linux or FreeBSD
> > installation you can easily mount a FAT-partition read/write on the
> > same machine
>
> Yes, Linux does this with FAT but that doesn't hurt me because I
> couldn't care less about Micro$oft vfat...
>
> > if you're interested in security maybe this webpage is interesting
> > to read :
> > http://www.defcon1.org/html/Security/Secure-Guide/secure-guide.html
>
> Thank you Albi ! I've a lot to learn about security.

Well, again, once someone can mount stuff from the machine that you 
would rather they didn't, your options come down to encryption and 
physical security (AFAIK - I am no expert). You can designate what 
should(n't) be mounted in /etc/fstab, but of course this assumes you 
have control over that aspect of the system while other users do not. 
You can set user-level restrictions that should prevent this problem. A 
restricted user can't mount anything anyway.

- jt
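
An added example, not part of the original message: a small Python check for the /etc/fstab approach mentioned in the last paragraph. It flags entries for other operating systems' filesystems that would be mounted writable or mounted at boot. The sample fstab and the FOREIGN_FS list are constructed assumptions; fstab only governs the running system, so it does nothing against someone booting from other media.

```python
# Added example: audit fstab-style entries for foreign filesystems.
# Assumption: these FreeBSD fstype names hold another OS's data on this box.
FOREIGN_FS = {"ext2fs", "msdosfs", "ntfs"}

WRITABLE = "writable (no 'ro' option)"
AT_BOOT = "mounted at boot (no 'noauto' option)"

# Constructed sample in fstab(5) layout: device, mountpoint, fstype, options.
SAMPLE_FSTAB = """\
# Device      Mountpoint   FStype   Options    Dump Pass
/dev/ad0s1b   none         swap     sw         0    0
/dev/ad0s1a   /            ufs      rw         1    1
/dev/ad0s2    /mnt/debian  ext2fs   rw         0    0
/dev/ad0s3    /mnt/dos     msdosfs  ro,noauto  0    0
/dev/ad0s4    /mnt/data    ext2fs   noauto     0    0
"""

def parse_fstab(text):
    """Return one dict per usable entry, skipping comments and short lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank, comment-only, or malformed line
        device, mountpoint, fstype, options = fields[:4]
        entries.append({"line": lineno, "device": device,
                        "mountpoint": mountpoint, "fstype": fstype,
                        "options": set(options.split(","))})
    return entries

def audit(entries):
    """Return (line, device, reason) for each risky foreign-fs entry."""
    findings = []
    for e in entries:
        if e["fstype"] not in FOREIGN_FS:
            continue
        # mount defaults to read-write unless 'ro' is given explicitly.
        if "ro" not in e["options"]:
            findings.append((e["line"], e["device"], WRITABLE))
        if "noauto" not in e["options"]:
            findings.append((e["line"], e["device"], AT_BOOT))
    return findings

if __name__ == "__main__":
    for line, device, reason in audit(parse_fstab(SAMPLE_FSTAB)):
        print(f"fstab line {line}: {device}: {reason}")
```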


