Date: Thu, 23 May 2002 01:43:08 +0200
From: Stephanie Wehner <_@r4k.net>
To: Paul Herman
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: file flags in /modules

> On Wed, 22 May 2002, Stephanie Wehner wrote:
>
> > Is there any particular reason why the immutable flag is turned
> > on for /kernel, but not for any loadable modules ?
>
> You could rightly argue that someone could overwrite a particular
> module and then reboot the machine in order to have it loaded, but
> then /modules wouldn't be your only worry. You'd have to protect
> many files, including but not limited to:

sure. but it's not the same to replace a userland program than to load
your own kernel code (which as you pointed out is indeed not possible
if the security level has been raised) and which is what would happen
if I overwrote a kernel module and rebooted your box.

I just found it a bit half-hearted that this flag was set by default
for /kernel, but not for /modules/*. Perhaps giving someone who is less
familiar with this the wrong impression. (e.g. using this secure, even
more secure, whatever setting I've seen in sysinstall lately)

That's all. :)

bye,
Stephanie

--<> _@r4k.net <>------------------<> FreeBSD <>-------------------
#3 - Anime Law of Sonic Amplification, First Law of Anime Acoustics
In space, loud sounds, like explosions, are even louder because there
is no air to get in the way.