Date: Sun, 17 Oct 1999 12:06:20 -0700 From: Doug <Doug@gorean.org> To: Justin Wells <jread@semiotek.com> Cc: Antoine Beaupre <beaupran@IRO.UMontreal.CA>, Mike Nowlin <mike@argos.org>, "Rashid N. Achilov" <shelton@sentry.granch.ru>, freebsd-security@FreeBSD.ORG Subject: Re: kern.securelevel and X Message-ID: <380A1E2C.CCA326F5@gorean.org> References: <XFMail.991015111802.shelton@sentry.granch.ru> <Pine.LNX.4.05.9910150036170.5339-100000@jason.argos.org> <14343.23571.679909.243732@blm30.IRO.UMontreal.CA> <19991017012750.A812@fever.semiotek.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Justin Wells wrote:
> The problem with securelevel, in my mind, is that an attacker who
> got root would simply write stuff into the /etc/rc scripts and then
> force the machine to reboot.
>
> It would be very difficult to set the schg flag on every possible
> file that gets run as root during bootup.
>
> Does anyone have any clever solutions?
Mount / read only.
Doug
--
"Stop it, I'm gettin' misty."
- Mel Gibson as Porter, "Payback"
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?380A1E2C.CCA326F5>