Date: Wed, 22 May 2002 15:41:53 -0700 (PDT) From: Paul Herman <pherman@frenchfries.net> To: Stephanie Wehner <_@r4k.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: file flags in /modules Message-ID: <20020522151939.I51256-100000@mammoth.eat.frenchfries.net> In-Reply-To: <20020522194304.GA70619@r4k.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 22 May 2002, Stephanie Wehner wrote: > Is there any particular reason why the immutable flag is turned > on for /kernel, but not for any loadable modules ? Facetious answer: Yes. To make you think more about security. :-) Informative answer: What good would it do? Assuming securelevel > 0, the kernel won't let you kldload(2) modules anyway. You could rightly argue that someone could overwrite a particular module and then reboot the machine in order to have it loaded, but then /modules wouldn't be your only worry. You'd have to protect many files, including but not limited to: /modules /etc/rc /etc/rc.* /usr/local/etc/rc.d/* /boot/* /bin, /sbin, /usr/lib, and so on... Which renders systems less usable than most people would like. You don't want to go down that road. securelevel is a nice comprimise for most people, but it has its limitations. If this is important to you, you might look into mandatory access control systems used in trusted systems, like TrustedBSD. -Paul. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020522151939.I51256-100000>