Date:      Thu, 31 May 2001 08:30:09 -0400
From:      Dan Pelleg <dpelleg+bsd@REMOVEcs.cmu.edu>
To:        freebsd-security@freebsd.org
Cc:        freebsd-stable@freebsd.org
Subject:   remounts (was: Re: adding "noschg" to ssh and friends)
Message-ID:  <20010531123020.6044537B422@hub.freebsd.org>

"Karsten W. Rohrbach" <karsten@rohrbach.de> wrote:
> there are some real high-impact tweaks to be a little bit safer from
> rootkits. one of them is mounting /tmp noexec. drawback: you got to
> remount it exec for make installworld.

 I always wondered... Why are remounts permitted in all securelevels? I
mean, in a locked-down system where it's acceptable to force a reboot in
order to upgrade (or run a rootkit), I should be able to enforce read-only
mounts. Currently anyone (well, root) can just mount -u -w them.

 Is this an implementation problem in mount(2)? (I haven't looked at the
code). Or is this going to break things for people (amd?  in high
securelevels?). What am I missing?
