Date: 26 Aug 2000 15:28:48 +0200 From: Slawek Zak <zaks@prioris.mini.pw.edu.pl> To: freebsd-security@freebsd.org Subject: Re: Securelevel and rw-remount Message-ID: <87n1i0talr.fsf@pf39.warszawa.sdi.tpnet.pl> In-Reply-To: Bruce Evans's message of "Sat, 26 Aug 2000 17:46:21 %2B1000 (EST)" References: <Pine.BSF.4.21.0008261740530.2018-100000@besplex.bde.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Bruce Evans <bde@zeta.org.au> writes: > On 25 Aug 2000, Slawek Zak wrote: > > > Could someone tell me why is it possible to remount a read-only > > mounted filesystem read-write after the securelevel is raised to 3? It > > seems dangerous. > > Same reasonable as it is possible to use unmount and mount after the > securelevel is raised to 3: someone considered this necessary for > normal operation. Well - I wouldn't call running system with secure level raised to 3 "normal operation". And yes - umounting fixed device filesystems should be disabled (securelevel 4?) > This seems reasonable, since disks can't be written to at > securelevel 3, and a secure system shouldn't have any insecure > devices attached, whether or not they are mounted. Well - device mounted ro without the possibilty to write to it either thru fs layer or raw device I *would* call secure. You can have it using chflags -R schg, but it is very inconvenient when you boot to single user and want to change something. /S -- "An expert is someone who knows more and more about less and less until he/she knows absolutely everything about nothing." --Weber's definition of Expert * Suavek Zak / PGP: finger://zaks@prioris.mini.pw.edu.pl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?87n1i0talr.fsf>