Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 22 May 2002 15:41:53 -0700 (PDT)
From:      Paul Herman <pherman@frenchfries.net>
To:        Stephanie Wehner <_@r4k.net>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: file flags in /modules
Message-ID:  <20020522151939.I51256-100000@mammoth.eat.frenchfries.net>
In-Reply-To: <20020522194304.GA70619@r4k.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 22 May 2002, Stephanie Wehner wrote:

> Is there any particular reason why the immutable flag is turned
> on for /kernel, but not for any loadable modules ?

Facetious answer:
Yes.  To make you think more about security. :-)

Informative answer:
What good would it do?  Assuming securelevel > 0, the kernel won't
let you kldload(2) modules anyway.

You could rightly argue that someone could overwrite a particular
module and then reboot the machine in order to have it loaded, but
then /modules wouldn't be your only worry.  You'd have to protect
many files, including but not limited to:

  /modules
  /etc/rc
  /etc/rc.*
  /usr/local/etc/rc.d/*
  /boot/*
  /bin, /sbin, /usr/lib, and so on...

Which renders systems less usable than most people would like.
You don't want to go down that road.

securelevel is a nice comprimise for most people, but it has its
limitations.  If this is important to you, you might look into
mandatory access control systems used in trusted systems, like
TrustedBSD.

-Paul.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020522151939.I51256-100000>