From: "Mahmoud Chilali"
To: "Brian W. Buchanan", "Spidey"
Subject: RE: Mounting / Read-Only
Date: Mon, 24 Jan 2000 09:51:05 +0100
Sender: owner-freebsd-security@FreeBSD.ORG

Brian W. Buchanan wrote
> Mounting a filesystem read-only is not a security measure. It gains you
> nothing if root is compromised.

If we follow this arg, then firewalls are not a security measure. They gain you nothing if hacked! If mounting an FS ro is not a security measure, then what could it be? Is it there only for unix courses? Why should I mount anything ro and why should I set a file ro if not for security?

While this does not guarantee complete security, it gives a certain LEVEL of security. Security is not a binary question. A server, file, ... is not secure or unsecure. It has a level of security. It may be more secure because we have done something to achieve a higher degree of security. This is the same thing as applying a patch to fix a security hole. It does not protect from unknown attacks, but it does however protect from known attacks.
Similarly, mounting an FS ro does not protect from unrelated attacks, but it makes modifying a file without remounting the FS (or using a kernel bug, but that's a complex matter) impossible. Remounting an FS may be made hard by modifying the "mount" system call. One could imagine an authentication when mount is executed after the system is in multiuser state. This is much easier than trying to protect every file, because you have a lot of files to protect!

This is similar to using a firewall to protect a network: one can theoretically secure every host, and so no FW is needed. However, that would be a nightmare if not impossible. The central concept here is centralization: control files by simply controlling a flag of the FS they are on. Or you can call this delegation. I delegate to "mount" the task of checking individual files. This is yet the "put all your eggs in one basket and watch that basket" principle.