From owner-freebsd-arch Thu Mar 15 0:16:10 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66])
	by hub.freebsd.org (Postfix) with ESMTP id 88D5537B71A
	for ; Thu, 15 Mar 2001 00:16:07 -0800 (PST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1])
	by harmony.village.org (8.11.1/8.11.1) with ESMTP id f2F8G6920260
	for ; Thu, 15 Mar 2001 01:16:06 -0700 (MST)
	(envelope-from imp@harmony.village.org)
Message-Id: <200103150816.f2F8G6920260@harmony.village.org>
To: freebsd-arch@FreeBSD.ORG
Subject: Re: flags settings for modules
In-reply-to: Your message of "Wed, 14 Mar 2001 11:16:29 PST." <20010314111629.A1018@dragon.nuxi.com>
References: <20010314111629.A1018@dragon.nuxi.com>
Date: Thu, 15 Mar 2001 01:16:06 -0700
From: Warner Losh
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <20010314111629.A1018@dragon.nuxi.com> "David O'Brien" writes:
: So the question is do we want to keep my change? If so, shouldn't we use
: "schg" in a *lot* more places? Otherwise its use is nebulous

I think the change is premature. Until such time as we have a convenient way to build a system that all vectors to compromise of schg have been plugged, setting it to gain "security" is at best folly.

I do not argue that one could set schg on files by hand and might be able to not miss any, such an undertaking is still very very difficult.

You have to make sure that all the rc scripts are schg. And then all scripts that are run before we raise secure level. And all binaries that are touched (and fascist path policing of all scripts). And then there's all the libraries that are linked in against those binaries. And then there are all the modules loaded by default or by the loader. And you have to secure the loader against change in a similar way. And let's not forget any config files that all these files/programs use.
Oh, and let's not forget those things that are too obscure for me to think of there. There are likely items in the list that I've forgotten.

Since the list is still so long, and since there's no one working on tightening things up, I think that adding schg to modules is premature and will cause more hassles than it is worth.

Before people think that I don't think that this is worth it, or that I have a negative attitude, I would like to point out that I think work in this area would be beneficial.

Warner
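
[Added example, not part of the original message or of FreeBSD's own code: a small audit that walks the categories listed above (rc scripts, early binaries, libraries, loader, modules, config files) and reports every entry that lacks the schg flag. The root paths in BOOT_CHAIN_ROOTS and the function names are assumptions chosen for illustration; the list is a starting point, not a complete closure of the boot chain.]

```python
import os
import stat

# Assumed roots for a FreeBSD boot chain (illustrative; adjust per system).
BOOT_CHAIN_ROOTS = [
    "/etc/rc", "/etc/rc.conf", "/etc/rc.d",   # rc scripts and their config
    "/boot",                                  # loader, kernel, modules
    "/bin", "/sbin", "/lib", "/libexec",      # binaries and libraries used early
]

def is_schg(st):
    """True if a stat result carries the system immutable flag (schg)."""
    # st_flags exists only on BSD-derived systems; absence means "not set".
    return bool(getattr(st, "st_flags", 0) & stat.SF_IMMUTABLE)

def missing_schg(roots, lstat=os.lstat):
    """Return the sorted paths at or under `roots` that lack schg.

    Directories are reported as well as files: without the flag on a
    directory, new entries can still be added to it.
    """
    missing = set()
    for root in roots:
        try:
            root_st = lstat(root)
        except OSError:
            continue  # path does not exist on this system
        if not is_schg(root_st):
            missing.add(root)
        if not stat.S_ISDIR(root_st.st_mode):
            continue
        for dirpath, dirnames, filenames in os.walk(root):
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                try:
                    if not is_schg(lstat(path)):
                        missing.add(path)
                except OSError:
                    missing.add(path)  # unreadable entries count as unverified
    return sorted(missing)

if __name__ == "__main__":
    for path in missing_schg(BOOT_CHAIN_ROOTS):
        print("no schg:", path)
```

A non-empty report means the system is in the state the message describes: some file in the chain can still be changed before the secure level is raised.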