Date:      Mon, 18 Aug 2003 10:50:07 -0700 (PDT)
From:      Ryan Mooney <ryan@pcslink.com>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: conf/22102
Message-ID:  <200308181750.h7IHo7aZ064607@freefall.freebsd.org>

The following reply was made to PR conf/22102; it has been noted by GNATS.

From: Ryan Mooney <ryan@pcslink.com>
To: Kris Kennaway <kris@obsecurity.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: conf/22102
Date: Mon, 18 Aug 2003 06:55:11 -1000

 --45Z9DzgjV8m4Oswq
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 
 Kris,
 
 I no longer have access to the systems that I was working on this on,
 so this may not be 100% as accurate as I'd like :)
 
 Basically the idea is that all the dirs in ${local_startup} are running 
 mostly 3rd party vendor scripts - which are by nature less trusted.  
 Since in /etc/rc the securelevel is not set until AFTER they run, if
 they "do something bad" (hack apache startup, whatever) they could do 
 things to my system bypassing immutable files, etc... This COULD be
 partially solved by making all the vendor stuff immutable too, but
 when I started doing that, it ended up getting really ugly and I
 had to hit all the libraries, etc etc... as well.  
 
 A simpler solution that elevated the security somewhat without any
 noticeable side effects (in most cases unless someone's rc.* script 
 depended on an nfs client or a kerberos server running) was to simply
 move the local_startup code after net3 and securelevel.
 I don't know if anyone else is paranoid enough to care about this..
 
 > Testing whether the email delivery problems persist.
 > 
 > Kris
 
 -- 
 >-=-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-=-<
 Ryan Mooney          				 ryan@pcslink.com 
 <-=-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-=-> 
 
 --45Z9DzgjV8m4Oswq
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename=diffs
 
 *** rc	Mon Aug 18 06:37:32 2003
 --- rc.old	Mon Aug 18 06:37:13 2003
 ***************
 *** 685,712 ****
   	echo '.'
   fi
   
 - if [ -n "${network_pass3_done}" ]; then
 - 	network_pass4
 - fi
 - 
 - # Late pass to set variables we missed the first time
 - #
 - if [ -r /etc/rc.sysctl ]; then
 - 	sh /etc/rc.sysctl last
 - fi
 - 
 - # Raise kernel security level.  This should be done only after `fsck' has
 - # repaired local file systems if you want the securelevel to be greater than 1.
 - #
 - case ${kern_securelevel_enable} in
 - [Yy][Ee][Ss])
 - 	if [ "${kern_securelevel}" -ge 0 ]; then
 - 		echo 'Raising kernel security level: '
 - 		sysctl kern.securelevel=${kern_securelevel}
 - 	fi
 - 	;;
 - esac
 - 
   # For each valid dir in $local_startup, search for init scripts matching *.sh
   #
   case ${local_startup} in
 --- 685,690 ----
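Review bot: The diff direction looks reversed. The file headers put rc on the "***" (from) side and rc.old on the "---" (to) side, so the "-" lines in this hunk take the network_pass4, rc.sysctl last and securelevel blocks away from in front of the "case ${local_startup} in" loop, which is the opposite of the change the message describes. Regenerate it as diff -c rc.old rc (or note that it must be applied with patch -R) so the PR carries the intended ordering.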
 ***************
 *** 738,743 ****
 --- 716,743 ----
   	done
   	IFS="${script_save_sep}"
   	echo '.'
 + 	;;
 + esac
 + 
 + if [ -n "${network_pass3_done}" ]; then
 + 	network_pass4
 + fi
 + 
 + # Late pass to set variables we missed the first time
 + #
 + if [ -r /etc/rc.sysctl ]; then
 + 	sh /etc/rc.sysctl last
 + fi
 + 
 + # Raise kernel security level.  This should be done only after `fsck' has
 + # repaired local file systems if you want the securelevel to be greater than 1.
 + #
 + case ${kern_securelevel_enable} in
 + [Yy][Ee][Ss])
 + 	if [ "${kern_securelevel}" -ge 0 ]; then
 + 		echo 'Raising kernel security level: '
 + 		sysctl kern.securelevel=${kern_securelevel}
 + 	fi
   	;;
   esac
   
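Review bot: The comments above the moved blocks are not updated for the new ordering. The one above "case ${kern_securelevel_enable} in" still only warns about fsck, and "Late pass to set variables we missed the first time" is no longer a last pass once "sh /etc/rc.sysctl last" runs ahead of the local_startup loop. With the ordering the message intends, every script in ${local_startup} starts with kern.securelevel already raised, so both comments should say so; that gives an administrator whose local script stops working a pointer to the cause.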
 
 --45Z9DzgjV8m4Oswq--
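
A quick way to check which ordering a given rc file has, as an added example that is not part of the original message or of FreeBSD's rc: it compares the line where `sysctl kern.securelevel=` runs with the line where the `case ${local_startup} in` block starts, both strings taken from the diff above. The function names and the two sample fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR): does an rc script raise kern.securelevel
# before or after it starts running the ${local_startup} scripts?

# Line number of the first non-comment line containing the literal string $1.
first_line() {
	awk -v needle="$1" '
		/^[ \t]*#/ { next }                     # ignore comment lines
		index($0, needle) { print NR; exit }
	' "$2"
}

# check_rc_order FILE -> prints before | after | missing
# Exit status is 0 only when the securelevel is raised first.
check_rc_order() {
	raise=$(first_line 'sysctl kern.securelevel=' "$1")
	start=$(first_line 'case ${local_startup} in' "$1")
	if [ -z "$raise" ] || [ -z "$start" ]; then
		echo missing; return 2
	fi
	if [ "$raise" -lt "$start" ]; then
		echo before; return 0
	fi
	echo after; return 1
}

# Constructed fragments modelled on the two orderings in the attached diff.
make_samples() {
	cat > "$1/rc.late" <<'EOF'
case ${local_startup} in
*)	echo 'Local package initialization:' ;;
esac
# Raise kernel security level (sysctl kern.securelevel= in a comment is ignored)
case ${kern_securelevel_enable} in
[Yy][Ee][Ss])	sysctl kern.securelevel=${kern_securelevel} ;;
esac
EOF
	# Same lines with the securelevel block first: lines 5-7, then lines 1-3.
	{ sed -n '5,7p' "$1/rc.late"; sed -n '1,3p' "$1/rc.late"; } > "$1/rc.early"
}

tmp=$(mktemp -d) && make_samples "$tmp"
for f in rc.late rc.early; do
	printf '%s: securelevel raised %s local_startup\n' "$f" \
		"$(check_rc_order "$tmp/$f" || true)"
done
rm -rf "$tmp"
```

The non-zero exit status for the "after" case lets the check run from a configuration audit script after an upgrade replaces /etc/rc.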


