Re: Question about securelevel
From: Jim Zajkowski (jim_at_jimz.net)
Date: 02/11/04
Date: Wed, 11 Feb 2004 10:35:07 -0500
To: freebsd-security@freebsd.org
On Feb 11, 2004, at 10:24 AM, roberto@redix.it wrote:
> Yes I agree with you: a secure system should be read-only fs, but to
> overcome the drawbacks of a CDROM, I can use a standard hard disk with a
> read-only file system while securelevel==3. The writable file system
> should be available in single user mode only on console.
If I figure out how to make your filesystem remount read-write without
a reboot, the game is over.
Running off a CD with a server which has a drive which cannot write
discs, it doesn't much matter if I figured out how to change the RO
mount or not, since the media itself cannot be written to [1]. Defense
in depth.
--Jim
[1] I suppose those flash-IDE thingamabobs that have a switch to toggle
to read-only work just as well here too.