Date: Tue, 28 Dec 1999 14:07:39 -0500 (EST)
From: Spidey <beaupran@iro.umontreal.ca>
To: freebsd-security@freebsd.org
Subject: Mounting / Read-Only
Message-ID: <14441.2683.366094.187063@anarcat.dyndns.org>
Hi!

I am currently in the process of enforcing a policy of / and /usr being mounted read-only.

I would like to know if other people have tried this policy and/or the modifications that have been needed.

Right now, I have been forced to turn off "UPDATE_MOTD" (duh!). There are also the following lines in /etc/rc

# Whack the pty perms back into shape.
chflags 0 /dev/tty[pqrsPQRS]*
chmod 666 /dev/tty[pqrsPQRS]*
chown root:wheel /dev/tty[pqrsPQRS]*

that give annoying warnings (read-only filesystem). A good idea would be to change it to:

# Whack the pty perms back into shape.
chflags 0 /dev/tty[pqrsPQRS]* 2> /dev/null
chmod 666 /dev/tty[pqrsPQRS]* 2> /dev/null
chown root:wheel /dev/tty[pqrsPQRS]* 2> /dev/null

since it does not produce any output normally either.

I was also wondering... If we can modify the status (RW/RO) of a mounted filesystem (/ included) with mount -u, why bother? :))

What is the purpose of mounting a filesystem ReadOnly, since it can be disabled? Does it serve the same function as the schg flag? I think the securelevel does not change this behavior, right?

Anyways, any personal experiences or advice are welcome.

Thanks

The AnarCat

--
If the image gives the illusion of knowing,
it is because the adage claims that, to believe,
all that matters is to see
Lofofora

------- end of forwarded message -------
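One way to audit the policy described in the message above, added here as an example and not part of the original e-mail. It assumes `mount` prints lines of the form `<device> on <mountpoint> (<options>)` with `read-only` among the options; the function name `check_ro` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report policy mount points that are not mounted read-only.
# Assumed input format: "<device> on <mountpoint> (<opt>, <opt>, ...)".

# Constructed sample output, so the check can be exercised offline.
SAMPLE_MOUNTS='/dev/wd0s1a on / (local, read-only)
/dev/wd0s1f on /usr (local)
/dev/wd0s1e on /var (local, soft-updates)
procfs on /proc (procfs, local)'

# check_ro MOUNT_OUTPUT MOUNTPOINT...
# Prints one line per mount point that is writable or has no mount entry.
# Returns 0 only if every listed mount point is mounted read-only.
check_ro() {
    mounts=$1; shift
    rc=0
    for mp in "$@"; do
        state=$(printf '%s\n' "$mounts" | awk -v mp="$mp" '
            $2 == "on" && $3 == mp {
                found = 1; ro = 0
                opts = $0
                sub(/^[^(]*\(/, "", opts)   # drop everything up to "("
                sub(/\).*$/, "", opts)      # drop ")" and anything after
                n = split(opts, a, /, */)
                # Match the whole option token, not a substring of the line.
                for (i = 1; i <= n; i++) if (a[i] == "read-only") ro = 1
            }
            END { print (!found ? "missing" : (ro ? "ro" : "rw")) }')
        case $state in
            ro)      ;;
            rw)      echo "$mp: writable"; rc=1 ;;
            missing) echo "$mp: not a separate mount"; rc=1 ;;
        esac
    done
    return $rc
}

# Demonstration on the constructed sample; prints "/usr: writable".
# On a live system, pass "$(mount)" instead of "$SAMPLE_MOUNTS".
check_ro "$SAMPLE_MOUNTS" / /usr || true
```

Because `mount -u` can change the state after boot, as the message points out, a check like this only shows the state at the moment it runs and is best repeated periodically.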