On Thu, Jan 26, 2006 at 05:55:22PM +0100, Henning Brauer wrote:
> * Joachim Schipper <[EMAIL PROTECTED]> [2006-01-26 15:26]:
> > You might want to read a little about the recent polemic surrounding
> > securelevels. Basically, they work, but files that are supposed to be
> > unchangeable can be made inaccessible by (transparently?) mounting a
> > filesystem on top. This was fixed in, for instance, NetBSD by
> > disallowing mounts;
>
> "fixed"?
> gimme a break.
> disallowing mounts at securelevel 2 fixes exactly what?
> nothing, since anybody runs securelevel 1 anyway, and there nothing is
> "fixed".
> look at the restrictions in securelevel 2. it's just not an option.
>
> this non-issue is not fixable.
I agree with your assessment - but disallowing mounts in securelevel 2
fixes the most obvious attack (that anybody with even a little UNIX
knowledge could have foreseen, and in fact anyone competent who read the
manpages while seriously considering implementing securelevels should
have picked up, granted, which is why I'd call it the most obvious). In
this sense, this 'fixes' the 'issue'.
That does not mean that I think securelevels are very useful[1]; in
fact, in the part you snipped, I wrote:
> > That is not to say that securelevels do not restrict some things;
> > however, whether they are actually useful is questionable.
> > Certainly, time spent on tuning them may be better spent elsewhere.
Joachim
[1] Or rather, I think there may be some benefit to restricting certain
system calls, essentially disallowing quite a bit of the system
administration work; however, I doubt many people would use it, and the
implementation should be very different from what securelevels are now.
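One defender-side check for the mount-over issue discussed above (an added example, not code from the thread): given a mount(8)-style table and a baseline recording which filesystem held each immutable file when its flag was set, report any protected path that is now answered by a different mount. The mount lines and the baseline are constructed samples.

```shell
#!/bin/sh
# Constructed mount table in the "device on /mountpoint type ..." format that
# mount(8) prints; the last line is a filesystem mounted over /etc, which hides
# whatever sits underneath (an schg-flagged rc.conf included).
SAMPLE_MOUNTS='/dev/wd0a on / type ffs (local)
/dev/wd0d on /usr type ffs (local, nodev)
/dev/wd0e on /var type ffs (local, nodev, nosuid)
mfs:12345 on /etc type mfs (asynchronous, local)'

# Constructed baseline: each protected path and the mount point that covered
# it when its immutable flag was set (record this when you set the flag).
BASELINE='/etc/rc.conf /
/usr/bin/login /usr
/var/log/authlog /var'

# covering_mount MOUNT_TABLE PATH
# Prints the longest mount point that is a whole-component prefix of PATH,
# i.e. the filesystem that actually answers lookups for PATH.
covering_mount() {
    printf '%s\n' "$1" | awk -v p="$2" '
        { mp = $3
          # "/" covers everything; any other mount point must match PATH
          # exactly or be followed by "/" so /usr does not cover /usrx/foo
          if (mp == "/" || p == mp || index(p, mp "/") == 1) {
              if (length(mp) > length(best)) best = mp
          }
        }
        END { print best }'
}

# shadowed MOUNT_TABLE PATH EXPECTED_MP
# Exit 0 (shadowed) when the filesystem now covering PATH is not the one
# that held it at baseline time; exit 1 otherwise.
shadowed() {
    [ "$(covering_mount "$1" "$2")" != "$3" ]
}

# report_shadowed MOUNT_TABLE BASELINE
# Prints one line per protected path whose covering mount has changed.
report_shadowed() {
    printf '%s\n' "$2" | while read -r path expected; do
        [ -z "$path" ] && continue
        if shadowed "$1" "$path" "$expected"; then
            printf '%s now covered by %s (expected %s)\n' \
                "$path" "$(covering_mount "$1" "$path")" "$expected"
        fi
    done
}

report_shadowed "$SAMPLE_MOUNTS" "$BASELINE"
```

The check only says that something is mounted over a protected file; it does not say who did it, so it belongs with the rest of your integrity monitoring rather than as a substitute for it.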