Date:      Thu, 16 Apr 1998 13:34:06 -0400 (EDT)
From:      Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To:        rotel@indigo.ie
Cc:        Robert Watson <robert+freebsd@cyrus.watson.org>, freebsd-security@FreeBSD.ORG
Subject:   Re: securelevels and more liberal use of schg on system files (fwd)
Message-ID:  <199804161734.NAA06347@khavrinen.lcs.mit.edu>
In-Reply-To: <199804161429.PAA02651@indigo.ie>
References:  <robert@cyrus.watson.org> <199804161429.PAA02651@indigo.ie>

<<On Thu, 16 Apr 1998 15:29:32 +0000, Niall Smart <rotel@indigo.ie> said:

> The default protections applied by make installworld seem to be
> rather half-hearted alright.  :) Anyone planning to run with
> securelevel >0 with the current install script would be well advised
> to supplement them.  It would be very nice to see someone think
> through which binaries need to be protected as part of an overall
> brainstorming session about making securelevels useful.

My secure system runs with all major system directories append-only.
In order for an attacker to replace an important program, he would
first have to delete it (since he can't open it for write), which
sappnd prevents.  It also has a very restricted set of network
services: anon ftp, Web cache, eklogin, and CVSup mirror---that's it.
(Well, you can probably finger it, too.)

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick
