From owner-freebsd-security  Fri Mar 24 19:41:38 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id BC98937B7BD
	for <security@FreeBSD.ORG>; Fri, 24 Mar 2000 19:41:31 -0800 (PST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id UAA42021;
	Fri, 24 Mar 2000 20:41:27 -0700 (MST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id UAA59342; Fri, 24 Mar 2000 20:41:19 -0700 (MST)
Message-Id: <200003250341.UAA59342@harmony.village.org>
To: Harold Gutch <logix@foobar.franken.de>
Subject: Re: New article 
Cc: "Daniel C. Sobral" <dcs@newsguy.com>,
	Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de>, security@FreeBSD.ORG
In-reply-to: Your message of "Fri, 24 Mar 2000 16:41:46 +0100."
		<20000324164146.A18107@foobar.franken.de> 
References: <20000324164146.A18107@foobar.franken.de>  <200003231326.IAA24776@blackhelicopters.org> <38DA7A60.B7C23121@newsguy.com> <38DA950C.D4DCE9CC@softweyr.com> <4.1.20000324022914.00cbed30@mail.rz.fh-wilhelmshaven.de> <38DB2B63.82552C96@newsguy.com> 
Date: Fri, 24 Mar 2000 20:41:18 -0700
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <20000324164146.A18107@foobar.franken.de> Harold Gutch writes:
: I'd say that depends on how paranoid you were when chflag-ing
: various files and directories, like /kernel, /boot, /etc/rc.*,
: /lkm etc..  Of course that won't buy you anything unless you're
: running in secure level 1 or higher.  security(7) is a nice
: introduction to this.

Of course it won't buy you anything.  Full stop.  Much of the boot
process executes at secure level 0, which means if you can compromize
even one file in the boot chain, you'll be able to do anything you
want.

: I have to agree though that I wouldn't trust a (root-)compromised
: machine anymore and would re-install it.  Nevertheless I still
: somehow doubt that an attacker could inject arbitrary code into
: the kernel on an otherwise correctly configured box, which then
: also implies "chflags -R /usr/src/sys schg" for example (and I'm
: sure I've forgotten a couple of other things here as well).

Don't put source on secure machines.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message