Date: Mon, 24 Jan 2000 09:51:05 +0100
From: "Mahmoud Chilali" <mchilali@nettoll.com>
To: "Brian W. Buchanan" <brian@CSUA.Berkeley.EDU>, "Spidey" <beaupran@iro.umontreal.ca>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: RE: Mounting / Read-Only
Message-ID: <NDBBJDFPGLMLFHLNEEOMOEAHDMAA.mchilali@nettoll.com>
In-Reply-To: <Pine.BSF.4.10.9912281117240.46739-100000@smarter.than.nu>

Brian W. Buchanan wrote
> Mounting a filesystem read-only is not a security measure. It gains you
> nothing if root is compromised.

If we follow this arg, then firewalls are not a security measure. They gain you nothing if hacked! If mounting an FS ro is not a security measure, then what could it be? Is it there only for unix courses? Why should I mount anything ro and why should I set a file ro if not for security?

While this does not guarantee complete security, it gives a certain LEVEL of security. Security is not a binary question. A server, file, ... is not secure or unsecure. It has a level of security. It may be more secure because we have done something to achieve a higher degree of security. This is the same thing as applying a patch to fix a security hole. It does not protect from unknown attacks, but it does however protect from known attacks. Similarly, mounting an FS ro does not protect from unrelated attacks, but it makes modifying a file without remounting the FS (or using a kernel bug, but that's a complex matter) impossible.

Remounting an FS may be made hard by modifying the "mount" system call. One could imagine an authentication when mount is executed after the system is in multiuser state. This is much easier than trying to protect every file, because you have a lot of files to protect! This is similar to using a firewall to protect a network: one can theoretically secure every host, and so no FW is needed. However, that would be a nightmare if not impossible.

The central concept here is centralization: control files by simply controlling a flag of the FS they are on. Or you can call this delegation. I delegate to "mount" the task of checking individual files. This is yet the "put all your eggs in one basket and watch that basket" principle.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message