Date: Wed, 18 Oct 2000 19:01:31 -0700 (PDT) From: ryanm@mhpcc.edu To: freebsd-gnats-submit@FreeBSD.org Subject: conf/22102: Local scripts get run before securelevel is elevated Message-ID: <20001019020131.1609137B4C5@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 22102
>Category: conf
>Synopsis: Local scripts get run before securelevel is elevated
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 18 19:10:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Ryan Mooney
>Release: 4.1.1-RELEASE
>Organization:
MHPCC
>Environment:
FreeBSD xxxx.xxx.edu 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE #1: Wed Oct 18 10:47:43 HST 2000 ryanm@mhpcc.edu:/usr/src/sys/compile/mykernel i386
>Description:
While hardening some systems I was examining the flow of control through
/etc/rc in regards to how that might potentially compromise my useage of
chflags schg on various system binaries/config files. I have made
/etc/rc* and /etc/*conf immutable as well as various system binaries
(/bin, /sbin, etc.). The problem arose in that the scripts in
${local_startup} are run before the securelevel is increased. Unless
all of those directories (and files therein) are also immutable this
opens a window of opportunity in that a clever hacker could use those
initialization scripts to undo the immutable flags on my other files,
modify them and I would be no wiser. I started examining the potential
of making all the ${local_startup} directories/files immutable, but
it quickly became evident that that would be somewhat of a slippery
slope to travel down.
Moving the ${network_pass3_done} and ${kern_securelevel_enable} code
above the ${local_startup} doesn't seem to have (?any?) side affects
and solves this problem quite nicely. There may be a better solution
and if so I'd love to hear it :-)
>How-To-Repeat:
>Fix:
Obviously this diff won't apply after I've cut/pasted, but the
result should be obvious enough...
*** rc.orig Wed Oct 18 15:45:06 2000
--- rc Wed Oct 18 15:45:17 2000
***************
*** 564,569 ****
--- 564,585 ----
echo '.'
fi
+ if [ -n "${network_pass3_done}" ]; then
+ network_pass4
+ fi
+
+ # Raise kernel security level. This should be done only after `fsck' has
+ # repaired local file systems if you want the securelevel to be greater than 1
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001019020131.1609137B4C5>