Date: Mon, 18 Oct 1999 02:47:05 -0400 From: Justin Wells <jread@semiotek.com> To: Doug <Doug@gorean.org> Cc: Justin Wells <jread@semiotek.com>, Antoine Beaupre <beaupran@IRO.UMontreal.CA>, Mike Nowlin <mike@argos.org>, "Rashid N. Achilov" <shelton@sentry.granch.ru>, freebsd-security@FreeBSD.ORG Subject: Re: kern.securelevel and X Message-ID: <19991018024704.A512@semiotek.com> In-Reply-To: <380A1E2C.CCA326F5@gorean.org> References: <XFMail.991015111802.shelton@sentry.granch.ru> <Pine.LNX.4.05.9910150036170.5339-100000@jason.argos.org> <14343.23571.679909.243732@blm30.IRO.UMontreal.CA> <19991017012750.A812@fever.semiotek.com> <380A1E2C.CCA326F5@gorean.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Oct 17, 1999 at 12:06:20PM -0700, Doug wrote:
> > The problem with securelevel, in my mind, is that an attacker who
> > got root would simply write stuff into the /etc/rc scripts and then
> > force the machine to reboot.
...
> > Does anyone have any clever solutions?
>
> Mount / read only.
That is clever. I even thought it was work, and tried it. However,
there are a couple of problems:
1) securelevel does not stop root from remounting / read-write,
since mount is specifically excepted (I tried it too, I was
able to do a "mount -u -o rw /" at securelevel 3 as root)
2) mounting / read only is nasty anyway, since you lose the
ability to chown /dev/tty* which makes some things act
very weird (many programs expect you will own your tty
or else they get angry)
So, any more clever suggestions?
Maybe at securelevel 3 you should not be allowed to change the
mount table either (no mounting and no umounting, period). That
and a solution to the tty problem would make things fairly secure.
Justin
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991018024704.A512>