Re: file flags in /modules
From: Paul Herman (pherman@frenchfries.net)
Date: 05/23/02
- Next message: Stephanie Wehner: "Re: file flags in /modules"
- Previous message: Miguel Mendez: "Re: file flags in /modules"
- In reply to: Stephanie Wehner: "file flags in /modules"
- Next in thread: Stephanie Wehner: "Re: file flags in /modules"
- Reply: Stephanie Wehner: "Re: file flags in /modules"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 22 May 2002 15:41:53 -0700 (PDT)
From: Paul Herman <pherman@frenchfries.net>
To: Stephanie Wehner <_@r4k.net>
On Wed, 22 May 2002, Stephanie Wehner wrote:
> Is there any particular reason why the immutable flag is turned
> on for /kernel, but not for any loadable modules ?
Facetious answer:
Yes. To make you think more about security. :-)
Informative answer:
What good would it do? Assuming securelevel > 0, the kernel won't
let you kldload(2) modules anyway.
You could rightly argue that someone could overwrite a particular
module and then reboot the machine in order to have it loaded, but
then /modules wouldn't be your only worry. You'd have to protect
many files, including but not limited to:
/modules
/etc/rc
/etc/rc.*
/usr/local/etc/rc.d/*
/boot/*
/bin, /sbin, /usr/lib, and so on...
Which renders systems less usable than most people would like.
You don't want to go down that road.
securelevel is a nice compromise for most people, but it has its
limitations. If this is important to you, you might look into
mandatory access control systems used in trusted systems, like
TrustedBSD.
-Paul.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
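A small audit script illustrating Paul's point: an immutable flag on /modules buys little unless every file on the boot path carries it, and only securelevel keeps root from clearing it. This is an added example, not code from the original mail or from FreeBSD; the function names are hypothetical, the path list is the one from the mail, and the sample `ls -lod` lines used below are constructed. On FreeBSD, `ls -lo` prints the file flags in the fifth column (`-` when none are set) and `sysctl -n kern.securelevel` reports the current level.

```shell
#!/bin/sh
# Added example (not from the original mail). Reports which boot-path
# files lack the schg (system immutable) flag and what securelevel means
# for them. Runs the live check only on FreeBSD; the parsing functions
# work anywhere so they can be exercised on constructed ls output.

# Paths from the mail; globs are expanded by the shell at run time.
BOOT_PATHS='/kernel /modules /etc/rc /etc/rc.* /usr/local/etc/rc.d/* /boot/* /bin /sbin /usr/lib'

# Read `ls -lod` output on stdin (FreeBSD layout: mode, links, owner,
# group, flags, size, date, name) and print the paths whose flag field
# does not contain schg.
missing_schg() {
    awk '$5 !~ /schg/ { print $NF }'
}

# Read `ls -lod` output on stdin, take the securelevel as $1, and print a
# one-line summary. At securelevel >= 1 schg cannot be cleared and
# kldload(2) is refused; at securelevel 0 root can chflags noschg at will.
summarize() {
    level="$1"
    count=$(missing_schg | wc -l | tr -d ' ')
    if [ "$level" -gt 0 ]; then
        note="kldload blocked; schg cannot be cleared without a reboot"
    else
        note="securelevel 0: root can clear schg at any time"
    fi
    printf 'securelevel=%s unprotected=%s (%s)\n' "$level" "$count" "$note"
}

# Live run on a FreeBSD host; skipped elsewhere.
if [ "$(uname -s)" = FreeBSD ]; then
    ls -lod $BOOT_PATHS 2>/dev/null | missing_schg
    ls -lod $BOOT_PATHS 2>/dev/null | summarize "$(sysctl -n kern.securelevel)"
fi
```

Run it as root on a FreeBSD box and the first listing is exactly the set of files an attacker could replace and have picked up at the next boot, which is the list Paul says grows until the system becomes unpleasant to administer.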