I am curious to hear people's thoughts on adding some mount(2)
hardening when the system is running at securelevel 2.  Specifically:

        * do not allow removing MT_NODEV, MT_NOEXEC, MT_NOSUID,
          or MT_RDONLY in conjunction with MNT_UPDATE

        * do not allow MNT_WXALLOWED in conjunction with
          MNT_UPDATE

Currently, if someone does manage to get a root toehold on a host,
they can remove noexec from /tmp as a possible springboard to upload
nasties, and then change /usr from read-only to read-write and
scribble all over your binaries.

This somewhat follows from how securelevel 1 removes the ability
to muck with the immutable and append only bits on files.

--lyndon
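A stand-alone sketch of the check the post proposes, written for this page as an added example; it is not the author's patch and not OpenBSD's vfs_syscalls.c. The flag values, the HARDENED_FLAGS mask and the function name mount_update_allowed() are assumptions chosen for the example, not the values in sys/mount.h. It models the two rules above: with MNT_UPDATE at securelevel 2, a request may not clear a hardening flag that is currently set, and may not set MNT_WXALLOWED; adding a hardening flag, or any update below securelevel 2, passes through.

```c
#include <stdio.h>

/* Constructed flag values for this example only (not sys/mount.h). */
#define MNT_RDONLY     0x00001
#define MNT_NOEXEC     0x00004
#define MNT_NOSUID     0x00008
#define MNT_NODEV      0x00010
#define MNT_WXALLOWED  0x00800
#define MNT_UPDATE     0x10000

/* Flags that may not be removed from an existing mount at securelevel 2. */
#define HARDENED_FLAGS (MNT_RDONLY | MNT_NOEXEC | MNT_NOSUID | MNT_NODEV)

/*
 * Decide whether a mount(2) request should proceed under the proposed rule.
 *   securelevel : current kernel securelevel
 *   cur_flags   : flags currently on the mounted filesystem
 *   req_flags   : flags in the incoming request
 * Returns 1 if allowed, 0 if refused.  Only MNT_UPDATE requests are
 * subject to the new checks; everything else is left to existing policy.
 */
int mount_update_allowed(int securelevel, int cur_flags, int req_flags)
{
    if (!(req_flags & MNT_UPDATE))
        return 1;               /* fresh mount: not covered by this rule */
    if (securelevel < 2)
        return 1;               /* rule only applies at securelevel 2 */

    /* Hardening flags that are set now but absent from the request. */
    int dropped = cur_flags & ~req_flags & HARDENED_FLAGS;
    if (dropped)
        return 0;               /* e.g. removing noexec from /tmp */

    if (req_flags & MNT_WXALLOWED)
        return 0;               /* no wxallowed via remount */

    return 1;                   /* adding restrictions is still fine */
}

/* Name of the first refused hardening flag, for a log line. */
const char *dropped_flag_name(int cur_flags, int req_flags)
{
    int dropped = cur_flags & ~req_flags & HARDENED_FLAGS;
    if (dropped & MNT_RDONLY) return "rdonly";
    if (dropped & MNT_NOEXEC) return "noexec";
    if (dropped & MNT_NOSUID) return "nosuid";
    if (dropped & MNT_NODEV)  return "nodev";
    return "none";
}

int main(void)
{
    int tmp = MNT_NOEXEC | MNT_NOSUID | MNT_NODEV;   /* a typical /tmp */
    int req = MNT_UPDATE | MNT_NOSUID | MNT_NODEV;   /* tries to drop noexec */

    printf("securelevel 1: %s\n",
        mount_update_allowed(1, tmp, req) ? "allowed" : "refused");
    printf("securelevel 2: %s (%s)\n",
        mount_update_allowed(2, tmp, req) ? "allowed" : "refused",
        dropped_flag_name(tmp, req));
    return 0;
}
```

The check is deliberately on the difference between current and requested flags rather than on the request alone, so an administrator can still tighten a mount (add nosuid to a filesystem that lacks it) at securelevel 2 while the loosening cases the post describes are refused.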
