From owner-freebsd-security  Fri Jun 25  0:12: 0 1999
Delivered-To: freebsd-security@freebsd.org
Received: from jason.argos.org (a1-3b169.neo.rr.com [24.93.181.169])
	by hub.freebsd.org (Postfix) with ESMTP id EE83B14D2B
	for <freebsd-security@FreeBSD.ORG>; Fri, 25 Jun 1999 00:11:56 -0700 (PDT)
	(envelope-from mike@argos.org)
Received: from localhost (mike@localhost)
	by jason.argos.org (8.9.1/8.9.1) with ESMTP id DAA02357;
	Fri, 25 Jun 1999 03:16:23 -0400
Date: Fri, 25 Jun 1999 03:16:22 -0400 (EDT)
From: Mike Nowlin <mike@argos.org>
To: Frank Tobin <ftobin@bigfoot.com>
Cc: FreeBSD-security Mailing List <freebsd-security@FreeBSD.ORG>
Subject: Re: file flags during low securelevels
In-Reply-To: <Pine.BSF.4.10.9906250107320.63311-100000@srh0710.urh.uiuc.edu>
Message-ID: <Pine.LNX.4.05.9906250257001.2338-100000@jason.argos.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


> This doesn't preserve the current state of flags on the filesystem.  It
> requires the admin going back through and resetting all the flags.
> 
> Like I stated before, having this sort of knob would allow various
> programs on startup to ignore the state of these flags before the
> securelevel is raised, permitting them to do various things like rotate
> syslog, write out state information (SKIP), and a few other things.  There
> are probably a lot I'm not thinking off.

During startup, you know what's going on...  If you're going to write
script files to do things like rotate logs, what's the point of adding
extra bulk to the kernel (not to mention something else I have to teach my
clients) when you can do something like this:

1.  Unlock the files
2.  Rotate the files
3.  Lock the files

If you're writing the scripts, the extra couple of lines it takes to
handle this doesn't really require changes to the kernel and the addition
of possible security holes.  As far as I'm concerned, the file flags that
are present in the system do more for protecting the system against an
unexperienced person learning FreeBSD than keeping Joe Weenie who just
broke into your box from erasing the logs...  Which one happens more
often?

If you're running around making /bin/date immutable, sticking these files
into a "fixfileflags" script to be run after "make world" shouldn't be too
tough.

(Disclaimer:  This message was written after getting really ticked off
from staring at an oscilloscope for the last six hours, trying to figure
out what's wrong with one of the coax backbones at work, then coming home
and "debugging" a Budweiser 6-pack board.  :)  Forgive me.)

--Mike




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message