Re: How efficient is mounting /usr ro?

2003-11-27 Thread Bernd Eckenfels
In article [EMAIL PROTECTED] you wrote:
 On Wed, 26 Nov 2003 07:45, Chema [EMAIL PROTECTED] wrote:
 RC Why would you get better performance?  If you mount noatime then
 RC there's no writes to a file system that is accessed in a read-only
 RC fashion and there should not be any performance issue.

 Hum, ¿are you talking only about ext3?  'Cause I don't think the reading
 
 I am talking about any file system.  When only reading from a file system 
 there should not be any performance difference when comparing a RO mount vs a 
 NOATIME mount.  If there is a difference then it's a bug in the file system.

I guess the thread was about non-journalling filesystems being faster, and
less of a risk if used ro.

 Incidentally if you want significantly better performance for such things then 
 you want to run 2.6.0 or a Red Hat kernel so you get directory hashing on 
 ext3.  It appears from a casual code inspection that 2.6.0-test10 does not 
 support directory hashing for ext2.  So in 2.6.0-test10 ext3 should 
 significantly outperform ext2 when there are large numbers of files in a 
 directory.  I'll have to do some benchmarks on this.

Yes, that's pretty interesting.

 The difference it makes is that reading from the disk will never cause disk 
 writes.  If you access large numbers of files or if you have IO hardware that 
 has a bottleneck of write bandwidth (EG a typical mail server) then NOATIME 
 makes a significant difference.

News Servers are even worse. And full-filesystem scans and some backup tools
make the a-time less useful anyway.

Greetings
Bernd
-- 
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: How efficient is mounting /usr ro?

2003-11-27 Thread Russell Coker
On Wed, 26 Nov 2003 14:24, Bernd Eckenfels 
[EMAIL PROTECTED] wrote:
  I am talking about any file system.  When only reading from a file system
  there should not be any performance difference when comparing a RO mount
  vs a NOATIME mount.  If there is a difference then it's a bug in the file
  system.

 I guess the thread was about non-journalling filesystems being faster, and
 less of a risk if used ro.

Even for a non-journalling file system there should be no risk.  If a file 
system is mounted and never written to then only a single disk block should 
change, the one with the dirty bit indicating that an fsck might be needed on 
a reboot.  If that block is corrupted then you may need to use the backup 
superblock in the worst-case, but that would require a crash while mounting 
the file system.

  The difference it makes is that reading from the disk will never cause
  disk writes.  If you access large numbers of files or if you have IO
  hardware that has a bottleneck of write bandwidth (EG a typical mail
  server) then NOATIME makes a significant difference.

 News Servers are even worse. And full-filesystem scans and some backup
 tools make the a-time less useful anyway.

There should be a way of reading a file without changing the ATIME that backup 
programs can use.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page





Re: How efficient is mounting /usr ro?

2003-11-25 Thread Chema
On Thu, 09 Oct 2003 10:34:12 +0200
Tarjei Huse [EMAIL PROTECTED] wrote:

TH Hi,
TH The Securing Debian manual suggest one should set the /usr partition
TH to ro and use remount when you install new programs. 
TH I was just wondering how much security one gains with this. Wouldn't
TH most hackers go after the programs in the /bin and /sbin directories
TH anyway?

Making /usr read-only is not for that kind of security.  It will keep your data safe 
from corruption (soft one, anyway: a disk crash will take anything with it ;-).  
Besides, you can get a better performance formatting it with ext2, since you'll not 
need journaling.

Now, there are ways to mount r-o /bin and /sbin, *and* to disable remounting them rw 
(unless you reset the box and provide a pass; it's a kernel patch or something whose 
name I can't remember -- but I want to!!).  There is some blurb about it here:

http://article.gmane.org/gmane.linux.debian.user/114759

And surely in other threads.





Re: How efficient is mounting /usr ro?

2003-11-25 Thread Russell Coker
On Tue, 25 Nov 2003 19:51, Chema [EMAIL PROTECTED] wrote:
 Making /usr read-only is not for that kind of security.  It will keep your
 data safe from corruption (soft one, anyway: a disk crash will take
 anything with it ;-).  Besides, you can get a better performance formatting
 it with ext2, since you'll not need journaling.

Why would you get better performance?  If you mount noatime then there's no 
writes to a file system that is accessed in a read-only fashion and there 
should not be any performance issue.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page





Re: How efficient is mounting /usr ro?

2003-11-25 Thread Chema
On Tue, 25 Nov 2003 21:14:21 +1100
Russell Coker [EMAIL PROTECTED] wrote:

RC On Tue, 25 Nov 2003 19:51, Chema [EMAIL PROTECTED]
RC wrote:
RC  Making /usr read-only is not for that kind of security.  It will
RC  keep your data safe from corruption (soft one, anyway: a disk
RC  crash will take anything with it ;-).  Besides, you can get a
RC  better performance formatting it with ext2, since you'll not need
RC  journaling.
RC 
RC Why would you get better performance?  If you mount noatime then
RC there's no writes to a file system that is accessed in a read-only
RC fashion and there should not be any performance issue.

Hum, ¿are you talking only about ext3?  'Cause I don't think the reading performance 
of ext2 and reiserfs/jfs/whatever will be the same just by freezing the access time.  
Any test will tell you that they are not in usual conditions, e.g. 
http://fsbench.netnation.com/.  ext3 is just a somewhat dirty hack on ext2, and 
without journaling their performance would be probably the same.

Now, how much difference really makes noatime??

Also, access time is usually a piece of information I'll like to keep.  Probably some 
programs (maybe popularity-contest) would also like to know what is being touched.





Re: How efficient is mounting /usr ro?

2003-11-25 Thread Russell Coker
On Wed, 26 Nov 2003 07:45, Chema [EMAIL PROTECTED] wrote:
 RC Why would you get better performance?  If you mount noatime then
 RC there's no writes to a file system that is accessed in a read-only
 RC fashion and there should not be any performance issue.

 Hum, ¿are you talking only about ext3?  'Cause I don't think the reading

I am talking about any file system.  When only reading from a file system 
there should not be any performance difference when comparing a RO mount vs a 
NOATIME mount.  If there is a difference then it's a bug in the file system.

 performance of ext2 and reiserfs/jfs/whatever will be the same just by
 freezing the access time.

Of course different file systems give different performance characteristics, I 
know this well, I wrote one of the two benchmarks used in the URL you cite.

 ext3 is just a
 somewhat dirty hack on ext2, and without journaling their performance would
 be probably the same.

My point is that for read-only operations ext2 and the original ext3 should 
give the same performance.

Incidentally if you want significantly better performance for such things then 
you want to run 2.6.0 or a Red Hat kernel so you get directory hashing on 
ext3.  It appears from a casual code inspection that 2.6.0-test10 does not 
support directory hashing for ext2.  So in 2.6.0-test10 ext3 should 
significantly outperform ext2 when there are large numbers of files in a 
directory.  I'll have to do some benchmarks on this.

 Now, how much difference really makes noatime??

The difference it makes is that reading from the disk will never cause disk 
writes.  If you access large numbers of files or if you have IO hardware that 
has a bottleneck of write bandwidth (EG a typical mail server) then NOATIME 
makes a significant difference.

 Also, access time is usually a piece of information I'll like to keep. 

In which case you need to mount RW and your entire argument is bogus.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
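
The RO-versus-NOATIME distinction argued in the message above can be checked per path from the mount table. This is an added example, not part of the original post: the mount table is a constructed sample in /proc/mounts format, and the function names are the example's own.

```python
import os
import re

# Constructed sample in /proc/mounts format:
# device, mount point, fs type, options, dump, pass
SAMPLE_MOUNTS = r"""/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sda5 /usr ext2 ro,nodev 0 0
/dev/sda8 /usr/local ext3 rw 0 0
/dev/sda6 /var ext3 rw,noatime,nosuid 0 0
/dev/sda7 /srv/news\040spool ext3 rw,noatime 0 0
"""

# The kernel writes space, tab, newline and backslash in mount points
# as three-digit octal escapes (\040, \011, \012, \134).
_OCTAL = re.compile(r"\\([0-7]{3})")


def unescape(field):
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Return a list of (mount_point, fstype, set_of_options)."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        mounts.append((unescape(parts[1]), parts[2], set(parts[3].split(","))))
    return mounts


def mount_for(path, mounts):
    """Find the mount covering path: longest mount point wins, later entry on ties."""
    path = os.path.normpath(path)
    best = None
    for mp, fstype, opts in mounts:
        # Compare whole path components so /usrlocal is not matched by /usr.
        covers = path == mp or path.startswith(mp.rstrip("/") + "/")
        if covers and (best is None or len(mp) >= len(best[0])):
            best = (mp, fstype, opts)
    return best


def write_exposure(opts):
    """Classify a mount by what can cause disk writes through it."""
    # Options are matched exactly: "errors=remount-ro" is not "ro".
    if "ro" in opts:
        return "read-only"
    if "noatime" in opts:
        return "read-write, noatime"
    return "read-write, atime updates"


def audit(paths, mounts_text):
    mounts = parse_mounts(mounts_text)
    report = {}
    for p in paths:
        m = mount_for(p, mounts)
        report[p] = (m[0], write_exposure(m[2])) if m else (None, "no mount found")
    return report


if __name__ == "__main__":
    sample_paths = ["/usr/bin/ls", "/usr/local/bin/tool", "/var/mail/u", "/bin/sh"]
    for path, (mp, verdict) in audit(sample_paths, SAMPLE_MOUNTS).items():
        print(f"{path:24} on {mp:12} {verdict}")
```

In the sample, /usr/local is a separate writable file system mounted below a read-only /usr, which is why the lookup is done per path rather than per top-level directory.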





Re: How efficient is mounting /usr ro?

2003-10-20 Thread Dale Amon
On Sun, Oct 19, 2003 at 07:46:41PM -0400, Michael Stone wrote:
 is not a security argument. The argument must be about
 why it must be *GIVEN* rw.
 
 No, it's an argument of efficacy. Removing rw from a mount doesn't
 remove the ability to write to it for a malicious user. If it gives you
 warm fuzzies, great, do it. But that's all it's going to do for you.

Let me start again. Least privilege means you start with 
everything blocked. Now you give the minimum rwx (and other privs)
to each file or process that is needed to do the job that
root or whomever is required to do.

So you have to make the argument, why should w priv be *added*
on the /usr mount? I'm not saying the argument can not be made, 
but that is the way you approach it. 

For security you assume a privilege is *not* allowed *unless* you
can argue that it should be turned on. That is the inverse
of the arguments I am reading.

So start from /usr ro, and then list the reasons why it needs
be rw. If there are enough and they are good enough, then allow
it. Arguments of the form they'll come in through a
different door are not reasons for adding a privilege.














Re: How efficient is mounting /usr ro?

2003-10-20 Thread Matt Zimmerman
On Sun, Oct 19, 2003 at 11:51:45PM -0400, Daniel B. wrote:

 So what is it that you're arguing about?  That computer security in
 general is not information security?  If so, so what?  That's why
 ISO says _information_ security instead of just security.

If you read the thread, you can see that what started this part of the
discussion was a claim that mounting /usr read-only was a security measure
just because it makes the system more reliable.

That's availability as in system is more often available to users rather
than system makes information available to the right people.  I hope that
by now the difference is clear to everyone involved.

-- 
 - mdz



Re: How efficient is mounting /usr ro?

2003-10-20 Thread David Wright
Quoting Bernd Eckenfels ([EMAIL PROTECTED]):
 In article [EMAIL PROTECTED] you wrote:
  In the IT field, security refers specifically to unauthorized use, as in
  security guard, and security system.  It does not, in general, refer to
  the more generic definitions of security, as in security blanket,
  securities and exchange commission, or job security.
 
 Can you show me a definition of that? I presented two which teach you 
 otherwise.

To quote Garfinkel and Spafford (2nd edition, page 6):

A formal definition wouldn't necessarily help you any more than our
working definition, and would require detailed explanations of risk
assessment, asset valuation, policy formation, and a number of other
topics beyond what we are able to present here. (in 971 pages).

Their definition:

Computer Security: 'A computer is secure if you can depend on it and
its software to behave as you expect.'

And they go on...

Our practical definition might also imply to some that security is
concerned with issues of testing your software and hardware, and with
preventing user mistakes. However, we don't intend our definition to
be that inclusive.

So I for one would prefer to keep off debian-security such Safety
issues as mounting /usr ro (except to expose them as NOT a help
towards Security); though running linux off readonly media
(hardware-locked) is borderline on-topic.

Cheers,

-- 
Email:  [EMAIL PROTECTED]   Tel: +44 1908 653 739  Fax: +44 1908 655 151
Snail:  David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA
Disclaimer:   These addresses are only for reaching me, and do not signify
official stationery. Views expressed here are either my own or plagiarised.



Re: How efficient is mounting /usr ro?

2003-10-19 Thread Javier Fernández-Sanguino Peña

On Sat, Oct 18, 2003 at 02:03:20AM -0400, Matt Zimmerman wrote:
  Information Security - As defined by ISO-17799, information security is
  characterized as the preservation of:
  
  * Confidentiality - ensuring that information is accessible only to
those authorized to have access.
  * Integrity - safeguarding the accuracy and completeness of information
and processing methods.
  * Availability - ensuring that authorized users have access to
information and associated assets when required.
 
 ISO, I'm afraid, does not document either English or Information Technology.

It's funny, because ISO-17799 is just copy & paste from BS-7799, which is a
British standard and does document Information Technology security.  Not
only the UK, but also the US is strongly in favor of this ISO standard,
as the NIST itself declares [1]

Moreover, it is the standard used to define security policies in companies all
over the world. So, I'm afraid, IMHO it does document IT security pretty
well.


 They are free to define terms however they like for the purposes of issuing
 standards documents, and they are under no obligation to write these
 definitions so as to correspond to any actual usage of these words.

Correct, but that precise definition of security is the one upheld by
many security practitioners (for god's sake, it's even part of most
security-related certifications and graduate/postgraduate courses!).

Regards

Javi

[1] http://csrc.nist.gov/publications/secpubs/otherpubs/reviso-faq.pdf




Re: How efficient is mounting /usr ro?

2003-10-19 Thread Michael Stone
On Sat, Oct 18, 2003 at 03:36:50PM +0200, Goswin von Brederlow wrote:
 Which you get from time to time due to programs opening files
 read-write when possible, mtime and atime updates etc.

If you actually need to modify the file, then mounting ro won't work. If
you don't need to modify the file, then there won't be any
modifications. An atime update won't move blocks around on the disk and
won't cause inconsistencies.

Mike Stone



Re: How efficient is mounting /usr ro?

2003-10-19 Thread Goswin von Brederlow
Michael Stone [EMAIL PROTECTED] writes:

 On Sat, Oct 18, 2003 at 03:36:50PM +0200, Goswin von Brederlow wrote:
 Which you get from time to time due to programs opening files
 read-write when possible, mtime and atime updates etc.
 
 If you actually need to modify the file, then mounting ro won't work. If
 you don't need to modify the file, then there won't be any
 modifications. An atime update won't move blocks around on the disk and
 won't cause inconsistencies.

Don't tell me, tell the programs that do the opening.
The more common programs have gotten bugreports and have been fixed, at
least I have nothing left that writes to /usr anymore.

MfG
Goswin





RE: How efficient is mounting /usr ro?

2003-10-19 Thread Michael Sharman


 -Original Message-
 From: Yasar Arman [mailto:[EMAIL PROTECTED]
 Sent: Friday, 17 October 2003 8:01 PM
 To: Bernd Eckenfels
 Cc: [EMAIL PROTECTED]
 Subject: Re: How efficient is mounting /usr ro?
 
 
 Bernd Eckenfels wrote:
   In article [EMAIL PROTECTED] you wrote:
  
  A read-only /usr is not a security measure.
  
  
   Depends on your definition of it-security. It reduces downtime, prevents
   some admin and software failures and therefore is a security measure.
  
 
 I think,
 
 you mean safety, not security.
 
 Safety (eng.)  = Sicherheit (german)
 Security (eng) = Sicherheit (german)
 
 :-)
 
 regards,
 yasar
 
 
Surely security in a broad sense is about increasing safety, so in this sense, backing 
up data or making it more difficult to accidentally lose data is a security measure.

There's no point being secure against one threat (e.g. crackers, script kiddies, 
viruses) if you don't also protect against the others. Well known security principles 
such as least privilege are equally about stopping accidental damage as they are 
about stopping malicious damage.
 
Cheers,

Michael





Re: How efficient is mounting /usr ro?

2003-10-19 Thread Dale Amon
On Mon, Oct 20, 2003 at 10:01:14AM +1100, Michael Sharman wrote:
 Well known security principles such as least privilege are 
 equally about stopping accidental damage as they are about 
 stopping malicious damage.

Precisely. If /usr doesn't *REQUIRE* rw in order to function, 
it should not have it. The argument here has been totally
reversed, arguing about why not remove a privilege. That
is not a security argument. The argument must be about
why it must be *GIVEN* rw.








Re: How efficient is mounting /usr ro?

2003-10-19 Thread Michael Stone
On Mon, Oct 20, 2003 at 12:35:19AM +0100, Dale Amon wrote:
 is not a security argument. The argument must be about
 why it must be *GIVEN* rw.

No, it's an argument of efficacy. Removing rw from a mount doesn't
remove the ability to write to it for a malicious user. If it gives you
warm fuzzies, great, do it. But that's all it's going to do for you.

Mike Stone



RE: How efficient is mounting /usr ro?

2003-10-19 Thread Michael Sharman
 
 No, it's an argument of efficacy. Removing rw from a mount doesn't
 remove the ability to write to it for a malicious user. If it gives you
 warm fuzzies, great, do it. But that's all it's going to do for you.
 
 Mike Stone
 
 

So the question is if mounting /usr without owner write permissions is effective in 
increasing security.

Clearly it doesn't help protect from a malicious attacker installing a root kit after 
already compromising root privileges. Much better to run some kind of tripwire program 
to do integrity checking (and store the checksums on a physically read only medium), 
but even this doesn't achieve much given the likes of 
http://phrack.org/show.php?p=52a=18 for instance.

But maybe there is an argument for it in terms of protecting against accidental 
corruption of /usr, for example a process running as root has a bug that causes the 
corruption of files in /usr (but then why are we worrying only about /usr?).
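
The integrity checking mentioned above, combined with the wish voiced earlier in the thread for a way to read files without changing their ATIME, as an added example that is not part of the original posts. It uses the Linux open(2) flag O_NOATIME (kernel 2.6.8 and later, so newer than this thread); the file tree is constructed in a temporary directory, the function names are the example's own, and where the baseline manifest is stored is left to the reader.

```python
import hashlib
import os
import tempfile


def open_noatime(path):
    """Open for reading without updating atime where the kernel permits it."""
    try:
        return os.open(path, os.O_RDONLY | os.O_NOATIME)
    except PermissionError:
        # O_NOATIME is refused unless the caller owns the file or holds
        # CAP_FOWNER; fall back to a normal read rather than skip the file.
        return os.open(path, os.O_RDONLY)


def sha256_file(path):
    digest = hashlib.sha256()
    fd = open_noatime(path)
    try:
        while True:
            chunk = os.read(fd, 65536)
            if not chunk:
                break
            digest.update(chunk)
    finally:
        os.close(fd)
    return digest.hexdigest()


def build_manifest(root):
    """Map each regular file under root (relative path) to its SHA-256."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            # Symlinks are skipped so the scan never hashes outside root.
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def compare(baseline, current):
    """Report what differs between a stored baseline and a fresh scan."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }


def demo():
    """Scan a constructed tree, tamper with it, and scan again."""
    old = 1_000_000_000  # constructed timestamp used as atime and mtime
    with tempfile.TemporaryDirectory() as root:
        for rel, data in (("bin/ls", b"original"), ("lib/libc.so", b"library")):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
            os.utime(full, (old, old))
        baseline = build_manifest(root)
        # The scan read every file; their atimes should still be the old value.
        atime_kept = all(
            int(os.stat(os.path.join(root, p)).st_atime) == old for p in baseline
        )
        with open(os.path.join(root, "bin/ls"), "wb") as fh:
            fh.write(b"replaced")
        with open(os.path.join(root, "bin/extra"), "wb") as fh:
            fh.write(b"new file")
        os.remove(os.path.join(root, "lib/libc.so"))
        return compare(baseline, build_manifest(root)), atime_kept


if __name__ == "__main__":
    print(demo())
```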





Re: How efficient is mounting /usr ro?

2003-10-19 Thread Matt Zimmerman
On Sat, Oct 18, 2003 at 11:34:06PM -0400, Daniel B. wrote:

 Matt Zimmerman wrote:
   Information Security - As defined by ISO-17799, information security is
   characterized as the preservation of:
   [...]
   * Availability - ensuring that authorized users have access to
 information and associated assets when required.
  
  ISO, I'm afraid, does not document either English or Information Technology.
  They are free to define terms however they like 
 
 [...]
 Preventing successful denial-of-service attacks preserves the availability
 of your information.
 
 So how are those definitions invalid?

I didn't say they were invalid; in fact, I defended ISO's right to use
whatever definitions they please.  However, they won't necessarily
correspond to reality, where availability is not a component of
information security, except insofar as good security prevents someone
from actively attacking your system's availability (i.e., a DoS).  This is
probably what ISO meant, though I'm not at all interested in purchasing a
copy of the relevant standard to find out.

This means that things like a UPS are not information security measures,
nor are good system administration practices which might serve to improve
overall system availability.

-- 
 - mdz





Re: How efficient is mounting /usr ro?

2003-10-19 Thread Matt Zimmerman
On Sun, Oct 19, 2003 at 12:57:53PM +0200, Javier Fernández-Sanguino Peña wrote:

 On Sat, Oct 18, 2003 at 02:03:20AM -0400, Matt Zimmerman wrote:
   * Availability - ensuring that authorized users have access to
 information and associated assets when required.
  
  ISO, I'm afraid, does not document either English or Information Technology.
 
 It's funny, because ISO-17799 is just copy & paste from BS-7799, which is a
 British standard and does document Information Technology security.  Not
 only the UK, but also the US is strongly in favor of this ISO standard,
 as the NIST itself declares [1]
 
 Moreover, is the standard used to define security policies in companies all
 over the world. So, I'm afraid, IMHO it does document IT security pretty
 well.

I don't care what security bible is quoted.  Just because this document says
that Availability is a component of Information Security doesn't mean
that every action which improves availability is a security measure.  To
stand behind such a simple-minded interpretation is ridiculous.

An action which prevents a potential attacker from crashing the system
improves availability in a security context.

An action which makes the system more stable or maintainable might also
improve availability, but has nothing to do with security.

Can we wrap this up now?  It's getting very, very stupid.

 Correct, but that precise definition of security is the one upheld by
 many security practitioners (for god's sake, it's even part of most
 security-related certifications and graduate/postgraduate courses!).

Academics, certification companies and other such entities often have
difficulty relating to actual practice.  But in this case, I think it's more
likely that you are misinterpreting the text.

-- 
 - mdz





Re: How efficient is mounting /usr ro?

2003-10-19 Thread Goswin von Brederlow
Michael Sharman [EMAIL PROTECTED] writes:

  
  No, it's an argument of efficacy. Removing rw from a mount doesn't
  remove the ability to write to it for a malicious user. If it gives you
  warm fuzzies, great, do it. But that's all it's going to do for you.
  
  Mike Stone
  
  
 
 So the question is if mounting /usr without owner write permissions
 is effective in increasing security.
 
 Clearly it doesn't help protect from a malicious attacker installing
 a root kit after already compromising root privileges. Much better
 to run some kind of tripwire program to do integrity checking (and
 store the checksums on a physically read only medium), but even this
 doesn't achieve much given the likes of
 http://phrack.org/show.php?p=52a=18 for instance.

Sure it does. There is no exploit known to jumper my harddisk with
/ and /usr from RO to RW mode apart from breaking & entering.

 But maybe there is an argument for it in terms of protecting against
 accidental corruption of /usr, for example a process running as root
 has a bug that causes the corruption of files in /usr (but then why
 are we worrying only about /usr?).

Also common root-kits don't remount /usr RW so a lot of the premade
root-kits will fail. The little good that will do.

And I'm not only worried about /usr but mounting /home RO is hardly
possible.

MfG
Goswin





Re: How efficient is mounting /usr ro?

2003-10-19 Thread Matt Zimmerman
On Sun, Oct 19, 2003 at 11:51:45PM -0400, Daniel B. wrote:

 So what is it that you're arguing about?  That computer security in
 general is not information security?  If so, so what?  That's why
 ISO says _information_ security instead of just security.

If you read the thread, you can see that what started this part of the
discussion was a claim that mounting /usr read-only was a security measure
just because it makes the system more reliable.

That's availability as in "system is more often available to users" rather
than "system makes information available to the right people".  I hope that
by now the difference is clear to everyone involved.

-- 
 - mdz





Re: How efficient is mounting /usr ro?

2003-10-19 Thread Javier Fernández-Sanguino Peña

On Sat, Oct 18, 2003 at 02:03:20AM -0400, Matt Zimmerman wrote:
  Information Security - As defined by ISO-17799, information security is
  characterized as the preservation of:
  
  * Confidentiality - ensuring that information is accessible only to
those authorized to have access.
  * Integrity - safeguarding the accuracy and completeness of information
and processing methods.
  * Availability - ensuring that authorized users have access to
information and associated assets when required.
 
 ISO, I'm afraid, does not document either English or Information Technology.

It's funny, because ISO-17799 is just copy & paste from BS-7799, which is a
British standard and does document Information Technology security.  Not
only the UK, but also the US is strongly in favor of this ISO standard,
as the NIST itself declares [1]

Moreover, it is the standard used to define security policies in companies all
over the world. So, I'm afraid, IMHO it does document IT security pretty
well.


 They are free to define terms however they like for the purposes of issuing
 standards documents, and they are under no obligation to write these
 definitions so as to correspond to any actual usage of these words.

Correct, but that precise definition of security is the one upheld by
many security practitioners (for god's sake, it's even part of most
security-related certifications and graduate/postgraduate courses!).

Regards

Javi

[1] http://csrc.nist.gov/publications/secpubs/otherpubs/reviso-faq.pdf




Re: How efficient is mounting /usr ro?

2003-10-19 Thread Michael Stone

On Sat, Oct 18, 2003 at 03:36:50PM +0200, Goswin von Brederlow wrote:
 Which you get from time to time due to programs opening files
 read-write when possible, mtime and atime updates etc.

If you actually need to modify the file, then mounting ro won't work. If
you don't need to modify the file, then there won't be any
modifications. An atime update won't move blocks around on the disk and
won't cause inconsistencies.

Mike Stone



Re: How efficient is mounting /usr ro?

2003-10-19 Thread Goswin von Brederlow
Michael Stone [EMAIL PROTECTED] writes:

 On Sat, Oct 18, 2003 at 03:36:50PM +0200, Goswin von Brederlow wrote:
 Which you get from time to time due to programs opening files
 read-write when possible, mtime and atime updates etc.
 
 If you actually need to modify the file, then mounting ro won't work. If
 you don't need to modify the file, then there won't be any
 modifications. An atime update won't move blocks around on the disk and
 won't cause inconsistencies.

Don't tell me, tell the programs that do the opening.
The more common programs have gotten bug reports and have been fixed, at
least I have nothing left that writes to /usr anymore.

MfG
Goswin



RE: How efficient is mounting /usr ro?

2003-10-19 Thread Michael Sharman


 -Original Message-
 From: Yasar Arman [mailto:[EMAIL PROTECTED]
 Sent: Friday, 17 October 2003 8:01 PM
 To: Bernd Eckenfels
 Cc: debian-security@lists.debian.org
 Subject: Re: How efficient is mounting /usr ro?
 
 
 Bernd Eckenfels wrote:
   In article [EMAIL PROTECTED] you wrote:
  
  A read-only /usr is not a security measure.
  
  
   Depends on your definition of it-security. It reduces downtime, prevents
   some admin and software failures and therefore is a security measure.
  
 
 I think,
 
 you mean safety, not security.
 
 Safety (eng.)  = Sicherheit (german)
 Security (eng) = Sicherheit (german)
 
 :-)
 
 regards,
 yasar
 
 
Surely security in a broad sense is about increasing safety, so in this sense, 
backing up data or making it more difficult to accidentally lose data is a 
security measure.

There's no point being secure against one threat (e.g. crackers, script 
kiddies, viruses) if you don't also protect against the others. Well known 
security principles such as least privilege are equally about stopping 
accidental damage as they are about stopping malicious damage.
 
Cheers,

Michael



Re: How efficient is mounting /usr ro?

2003-10-19 Thread Dale Amon
On Mon, Oct 20, 2003 at 10:01:14AM +1100, Michael Sharman wrote:
 Well known security principles such as least privilege are 
 equally about stopping accidental damage as they are about 
 stopping malicious damage.

Precisely. If /usr doesn't *REQUIRE* rw in order to function, 
it should not have it. The argument here has been totally
reversed, arguing about why not remove a privilege. That
is not a security argument. The argument must be about
why it must be *GIVEN* rw.






Re: How efficient is mounting /usr ro?

2003-10-19 Thread Michael Stone

On Mon, Oct 20, 2003 at 12:35:19AM +0100, Dale Amon wrote:
 is not a security argument. The argument must be about
 why it must be *GIVEN* rw.

No, it's an argument of efficacy. Removing rw from a mount doesn't
remove the ability to write to it for a malicious user. If it gives you
warm fuzzies, great, do it. But that's all it's going to do for you.

Mike Stone



RE: How efficient is mounting /usr ro?

2003-10-19 Thread Michael Sharman
 
 No, it's an argument of efficacy. Removing rw from a mount doesn't
 remove the ability to write to it for a malicious user. If it gives you
 warm fuzzies, great, do it. But that's all it's going to do for you.
 
 Mike Stone
 
 

So the question is if mounting /usr without owner write permissions is 
effective in increasing security.

Clearly it doesn't help protect from a malicious attacker installing a root kit 
after already compromising root privileges. Much better to run some kind of 
tripwire program to do integrity checking (and store the checksums on a 
physically read only medium), but even this doesn't achieve much given the 
likes of http://phrack.org/show.php?p=52a=18 for instance.

But maybe there is an argument for it in terms of protecting against accidental 
corruption of /usr, for example a process running as root has a bug that causes 
the corruption of files in /usr (but then why are we worrying only about /usr?).



Re: How efficient is mounting /usr ro?

2003-10-19 Thread Daniel B.
Matt Zimmerman wrote:
 
 On Sat, Oct 18, 2003 at 11:34:06PM -0400, Daniel B. wrote:
 
  Matt Zimmerman wrote:
Information Security - As defined by ISO-17799, information security is
characterized as the preservation of:
[...]
* Availability - ensuring that authorized users have access to
  information and associated assets when required.
  
   ISO, I'm afraid, does not document either English or Information 
   Technology.
   They are free to define terms however they like 
 
  [...]
  Preventing successful denial-of-service attacks preserves the availability
  of your information.
 
  So how are those definitions invalid?
 
 I didn't say they were invalid; 

You said that ISO's terms don't document either English or Information
Technology and now you say:

   However, they won't necessarily correspond to reality...

How do they not reflect reality?

 where availability is not a component of  information security, 

Huh?  The reason information security is so tricky is that availability 
is a key part.  If it only involved confidentiality, you could lock data 
up in a vault, or throw it down a black hole (ignore recent physics 
thought on preservation of information), and information security would 
be easy to provide.

However, it is _not_ easy, and one reason is that it requires making 
information available to the right people while keeping it secret and 
protected from the wrong people.


So what is it that you're arguing about?  That computer security in
general is not information security?  If so, so what?  That's why
ISO says _information_ security instead of just security.

Daniel
-- 
Daniel Barclay
[EMAIL PROTECTED]



Re: How efficient is mounting /usr ro?

2003-10-18 Thread Matt Zimmerman
On Fri, Oct 17, 2003 at 06:26:01PM +0200, Bernd Eckenfels wrote:

 And to reply to myself:
 
 Information Security - As defined by ISO-17799, information security is
 characterized as the preservation of:
 
 * Confidentiality - ensuring that information is accessible only to
   those authorized to have access.
 * Integrity - safeguarding the accuracy and completeness of information
   and processing methods.
 * Availability - ensuring that authorized users have access to
   information and associated assets when required.

ISO, I'm afraid, does not document either English or Information Technology.
They are free to define terms however they like for the purposes of issuing
standards documents, and they are under no obligation to write these
definitions so as to correspond to any actual usage of these words.

-- 
 - mdz





Re: How efficient is mounting /usr ro?

2003-10-18 Thread Michael Stone
On Sat, Oct 18, 2003 at 04:05:22AM +0200, Goswin von Brederlow wrote:
 Mounting stuff read-only also prevents filesystem corruption in case
 the system does crash

A quiescent filesystem isn't going to be corrupted in a system crash.
You need to have metadata inconsistencies caused by filesystem activity
before you can get corruption.

 reduces the frequency of fscks if you reboot frequently.

If that's an issue for you, fix it properly by using a journalling fs.

Mike Stone



Re: How efficient is mounting /usr ro?

2003-10-18 Thread Goswin von Brederlow
Michael Stone [EMAIL PROTECTED] writes:

 On Sat, Oct 18, 2003 at 04:05:22AM +0200, Goswin von Brederlow wrote:
 Mounting stuff read-only also prevents filesystem corruption in case
  the system does crash
 
 
 A quiescent filesystem isn't going to be corrupted in a system crash.
 You need to have metadata inconsistencies caused by filesystem activity
 before you can get corruption.

Which you get from time to time due to programs opening files
read-write when possible, mtime and atime updates etc.

 reduces the frequency of fscks if you reboot frequently.
 
 If that's an issue for you, fix it properly by using a journalling fs.

No FS is perfect. I trust a harddisk jumpered to read-only or a cdrom more.

 Mike Stone

MfG
Goswin





Re: How efficient is mounting /usr ro?

2003-10-18 Thread Russell Coker
On Sat, 18 Oct 2003 23:36, Goswin von Brederlow wrote:
 Michael Stone [EMAIL PROTECTED] writes:
  A quiescent filesystem isn't going to be corrupted in a system crash.
  You need to have metadata inconsistencies caused by filesystem activity
  before you can get corruption.

 Which you get from time to time due to programs opening files
 read-write when possible, mtime and atime updates etc.

Opening a file read-write does not necessarily imply actually writing to it.

Programs that open read-write when they don't need to are broken, and they are 
actively being tracked down and fixed.  Such programs get logged in the 
kernel message log in SE Linux and it's easy to track them down and fix them.

As for atime, the -onoatime mount option takes care of it.  I mount lots of 
file systems with noatime just to improve performance.  One machine that I 
inspected had no writes to its root file system during normal operations 
after noatime was installed.


Anyway perhaps we should get a new mailing list debian-security-de for the 
German meaning of security.  Then the rest of us can discuss crypto, MAC, and 
other things that match the English meaning of the word.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

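A check for the mount options discussed in the message above, as an added example that is not part of the original post: it parses /proc/mounts-format text and reports whether a mount point is effectively read-only and, if not, whether noatime is set. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit mount options from /proc/mounts-format input.
# Function names and the sample table below are constructed, not taken
# from the thread.

# sample_mounts: a constructed mount table in /proc/mounts format
# (device, mount point, fs type, options, dump, pass).
sample_mounts() {
    cat <<'EOF'
/dev/hda1 / ext3 rw,errors=remount-ro 0 0
/dev/hda5 /usr ext2 ro 0 0
/dev/hda6 /var ext3 rw,noatime 0 0
/dev/hda7 /home ext3 rw 0 0
/dev/hda8 /mnt ext2 ro 0 0
/dev/hdb1 /mnt ext2 rw 0 0
EOF
}

# mount_opts FILE MOUNTPOINT
# Print the option string of the LAST entry for MOUNTPOINT, because a
# later mount on the same path shadows an earlier one. Exit 1 if the
# path is not a mount point. The mount point is passed through the
# environment rather than "awk -v" so that escapes such as \040 (how
# /proc/mounts encodes a space) are compared literally.
mount_opts() {
    MP="$2" awk '$2 == ENVIRON["MP"] { opts = $4; found = 1 }
        END { if (!found) exit 1; print opts }' "$1"
}

# has_opt OPTS NAME
# Succeed only if NAME is a whole comma-separated option, so that
# "errors=remount-ro" is not mistaken for "ro".
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_mount FILE MOUNTPOINT
# Print one of: not-mounted, ro, rw,noatime, rw,atime.
# A read-only mount never writes atime, so noatime is only checked for
# writable mounts. Anything without noatime (including relatime) is
# reported as rw,atime because reads can still cause writes.
audit_mount() {
    opts=$(mount_opts "$1" "$2") || { echo "not-mounted"; return 0; }
    if has_opt "$opts" ro; then
        echo "ro"
    elif has_opt "$opts" noatime; then
        echo "rw,noatime"
    else
        echo "rw,atime"
    fi
}

# demo: run the audit over the constructed table.
demo() {
    t=$(mktemp) || return 1
    sample_mounts > "$t"
    for mp in / /usr /var /home /mnt /opt; do
        printf '%-6s %s\n' "$mp" "$(audit_mount "$t" "$mp")"
    done
    rm -f "$t"
}

demo
```

On a live system, pass /proc/mounts as FILE; it reflects the options currently in effect, including any remount done after boot.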




Re: How efficient is mounting /usr ro?

2003-10-18 Thread Bernd Eckenfels
In article [EMAIL PROTECTED] you wrote:
 Anyway perhaps we should get a new mailing list debian-security-de for the 
 German meaning of security.  Then the rest of us can discuss crypto, MAC, and 
 other things that match the English meaning of the word.

Very funny. Personally I feel you are just short sighted, but if you like me
to shut up on these issues, I have no problem with that. However, how good is
a box which cannot be hacked but can simply be DOSed?

I quoted the ISO definition and the commonly used definition by security
gurus like Schneier. If you can find an equally weighted source, I might
believe you that the English meaning of security is as narrow minded as you
think it is.

Greetings
Bernd
-- 
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/





Re: How efficient is mounting /usr ro?

2003-10-18 Thread Bernd Eckenfels
In article [EMAIL PROTECTED] you wrote:
 In the IT field, security refers specifically to unauthorized use, as in
 security guard, and security system.  It does not, in general, refer to
 the more generic definitions of security, as in security blanket,
 securities and exchange commission, or job security.

Can you show me a definition of that? I presented two which teach you otherwise.

Greetings
Bernd
-- 
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/





Re: How efficient is mounting /usr ro?

2003-10-18 Thread Thomas Ritter
Hey all,

no jihad please, there are times to couple intruder/vandalism security and 
safety, and there are times to look at both concepts as distinct.

To use the distinct definition, safety includes security, as not-secured data 
is not safe, and security without safety measures makes no sense.
Program errors leading to unsafety and those leading to insecurity are very 
closely related to each other.

On the other hand, security issues sometimes tend to be of legal nature, as in 
data security, and failing security may bring a company to court, which is 
clearly more important than keeping your server up 24/7.

Human communication isn't exact, and as anyone can clearly see from the rants 
of both sides, the exact meaning of the word security varies, not only in 
English, but in German as well, as a lot of people tend to use stability 
where others say security. 
Neither English nor German are programming languages ;)

Greetings,
-- 
Thomas Ritter

Those who would give up essential liberty, to purchase a little temporary 
safety, deserve neither liberty nor safety.  - Benjamin Franklin





Re: How efficient is mounting /usr ro?

2003-10-18 Thread Russell Coker
On Sun, 19 Oct 2003 03:44, Bernd Eckenfels wrote:
 In article [EMAIL PROTECTED] you wrote:
  Anyway perhaps we should get a new mailing list debian-security-de for
  the German meaning of security.  Then the rest of us can discuss crypto,
  MAC, and other things that match the English meaning of the word.

 Very funny. Personally I feel you are just short sighted, but if you like

It's not a joke.  This list was not created for discussions on how to avoid 
FSCK problems on servers that run all the time, debian-isp was created for 
that sort of thing.

When an existing list doesn't fill a need then the best thing to do is to 
create a new list.  If you get a debian-security-de list as I suggest then 
you can discuss things in German too, which should be a double benefit.

 me to shut up on these issues, I have no problem with that. However, how good
 is a box which cannot be hacked but can simply be DOSed?

Name one DOS attack that is avoided by mounting /usr ro.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page





Re: How efficient is mounting /usr ro?

2003-10-18 Thread Daniel B.
Matt Zimmerman wrote:
 
 On Fri, Oct 17, 2003 at 06:26:01PM +0200, Bernd Eckenfels wrote:
 
  And to reply to myself:
 
  Information Security - As defined by ISO-17799, information security is
  characterized as the preservation of:
 
  * Confidentiality - ensuring that information is accessible only to
those authorized to have access.
  * Integrity - safeguarding the accuracy and completeness of information
and processing methods.
  * Availability - ensuring that authorized users have access to
information and associated assets when required.
 
 ISO, I'm afraid, does not document either English or Information Technology.
 They are free to define terms however they like 

Preventing crackers from breaking into your system and stealing data
preserves your information's confidentiality.

Preventing crackers from corrupting your data preserves your 
information's integrity.

Preventing successful denial-of-service attacks preserves the availability
of your information.

So how are those definitions invalid?

Daniel
-- 
Daniel Barclay
[EMAIL PROTECTED]





Re: How efficient is mounting /usr ro?

2003-10-18 Thread Matt Zimmerman
On Thu, Oct 16, 2003 at 11:08:46PM +0200, Bernd Eckenfels wrote:

 In article [EMAIL PROTECTED] you wrote:
  A read-only /usr is not a security measure.
 
 Depends on your definition of it-security. It reduces downtime, prevents
 some admin and software failures and therefore is a security measure.

In the IT field, security refers specifically to unauthorized use, as in
security guard, and security system.  It does not, in general, refer to
the more generic definitions of security, as in security blanket,
securities and exchange commission, or job security.

-- 
 - mdz



Re: How efficient is mounting /usr ro?

2003-10-18 Thread Matt Zimmerman
On Fri, Oct 17, 2003 at 06:26:01PM +0200, Bernd Eckenfels wrote:

 And to reply to myself:
 
 Information Security - As defined by ISO-17799, information security is
 characterized as the preservation of:
 
 * Confidentiality - ensuring that information is accessible only to
   those authorized to have access.
 * Integrity - safeguarding the accuracy and completeness of information
   and processing methods.
 * Availability - ensuring that authorized users have access to
   information and associated assets when required.

ISO, I'm afraid, does not document either English or Information Technology.
They are free to define terms however they like for the purposes of issuing
standards documents, and they are under no obligation to write these
definitions so as to correspond to any actual usage of these words.

-- 
 - mdz



Re: How efficient is mounting /usr ro?

2003-10-18 Thread Michael Stone

On Sat, Oct 18, 2003 at 04:05:22AM +0200, Goswin von Brederlow wrote:

Mounting stuff read-only also prevents filesystem corruption in case
the system does crash 


A quiescent filesystem isn't going to be corrupted in a system crash.
You need to have metadata inconsistencies caused by filesystem activity
before you can get corruption.


reduces the frequency of fscks if you reboot frequently.


If that's an issue for you, fix it properly by using a journalling fs.

Mike Stone



Re: How efficient is mounting /usr ro?

2003-10-18 Thread Goswin von Brederlow
Michael Stone [EMAIL PROTECTED] writes:

 On Sat, Oct 18, 2003 at 04:05:22AM +0200, Goswin von Brederlow wrote:
 Mounting stuff read-only also prevents filesystem corruption in case
  the system does crash
 
 
 A quiescent filesystem isn't going to be corrupted in a system crash.
 You need to have metadata inconsistencies caused by filesystem activity
 before you can get corruption.

Which you get from time to time due to programs opening files
read-write when possible, mtime and atime updates etc.

 reduces the frequency of fscks if you reboot frequently.
 
 If that's an issue for you, fix it properly by using a journalling fs.

No FS is perfect. I trust a harddisk jumpered to read-only or a cdrom more.

 Mike Stone

MfG
Goswin



Re: How efficient is mounting /usr ro?

2003-10-18 Thread Russell Coker
On Sat, 18 Oct 2003 23:36, Goswin von Brederlow wrote:
 Michael Stone [EMAIL PROTECTED] writes:
  A quiescent filesystem isn't going to be corrupted in a system crash.
  You need to have metadata inconsistencies caused by filesystem activity
  before you can get corruption.

 Which you get from time to time due to programs opening files
 read-write when possible, mtime and atime updates etc.

Opening a file read-write does not necessarily imply actually writing to it.

Programs that open read-write when they don't need to are broken, and they are 
actively being tracked down and fixed.  Such programs get logged in the 
kernel message log in SE Linux and it's easy to track them down and fix them.

As for atime, the -onoatime mount option takes care of it.  I mount lots of 
file systems with noatime just to improve performance.  One machine that I 
inspected had no writes to it's root file system during normal operations 
after noatime was installed.


Anyway perhaps we should get a new mailing list debian-security-de for the 
German meaning of security.  Then the rest of us can discuss crypto, MAC, and 
other things that match the English meaning of the word.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



Re: How efficient is mounting /usr ro?

2003-10-18 Thread Bernd Eckenfels
In article [EMAIL PROTECTED] you wrote:
 Anyway perhaps we should get a new mailing list debian-security-de for the 
 German meaning of security.  Then the rest of us can discuss crypto, MAC, and 
 other things that match the English meaning of the word.

Very funny. Personally I feel you are just short sighted, but if you like me
to shut p on this issues, I have no problem with that. However, how good is
a box which cannot be hacked but can simply be DOSed?

I quoted the ISO definition and the commonly used definition by security
gurus like Schneier. If you can find an equally weighted source, I might
belief you that the english meaning of security is as narrow minded as yoi
think it is.

Greetings
Bernd
-- 
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/



Re: How efficient is mounting /usr ro?

2003-10-18 Thread Bernd Eckenfels
In article [EMAIL PROTECTED] you wrote:
 In the IT field, security refers specifically to unauthorized use, as in
 security guard, and security system.  It does not, in general, refer to
 the more generic definitions of security, as in security blanket,
 securities and exchange commission, or job security.

Can you show me a definition of that? I presented two which teach you otherwise.

Greetings
Bernd
-- 
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/



Re: How efficient is mounting /usr ro?

2003-10-18 Thread Thomas Ritter
Hey all,

no jihad please, there are times to couple intruder/vandalism security and 
safety, and there are times to look at both concepts as distinct.

To use the distinct definition, safety includes security, as not-secured data 
is not safe, and security without safety measures makes no sense.
Program errors leading to unsafety and those leading to insecurity are very 
closely related to each other.

On the other hand, security issues sometimes tend to be of legal nature, as in 
data security, and failing security may bring a company to court, which is 
clearly more important than keeping your server up 24/7.

Human communication isn't exact, and as anyone can clearly see from the rants 
of both sides, the exact meaning of the word security varies, not only in 
English, but in German as well, as a lot of people tend to use stability 
where others say security. 
Neither English nor German are programming languages ;)

Greetings,
-- 
Thomas Ritter

Those who would give up essential liberty, to purchase a little temporary 
safety, deserve neither liberty nor safety.  - Benjamin Franklin



Re: How efficient is mounting /usr ro?

2003-10-18 Thread Russell Coker
On Sun, 19 Oct 2003 03:44, Bernd Eckenfels wrote:
 In article [EMAIL PROTECTED] you wrote:
  Anyway perhaps we should get a new mailing list debian-security-de for
  the German meaning of security.  Then the rest of us can discuss crypto,
  MAC, and other things that match the English meaning of the word.

 Very funny. Personally I feel you are just short sighted, but if you like

It's not a joke.  This list was not created for discussions on how to avoid 
FSCK problems on servers that run all the time, debian-isp was created for 
that sort of thing.

When an existing list doesn't fill a need then the best thing to do is to 
create a new list.  If you get a debian-security-de list as I suggest then 
you can discuss things in German too, which should be a double benefit.

 me to shut up on these issues, I have no problem with that. However, how good
 is a box which cannot be hacked but can simply be DOSed?

Name one DOS attack that is avoided by mounting /usr ro.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



Re: How efficient is mounting /usr ro?

2003-10-18 Thread Daniel B.
Matt Zimmerman wrote:
 
 On Fri, Oct 17, 2003 at 06:26:01PM +0200, Bernd Eckenfels wrote:
 
  And to reply to myself:
 
  Information Security - As defined by ISO-17799, information security is
  characterized as the preservation of:
 
  * Confidentiality - ensuring that information is accessible only to
those authorized to have access.
  * Integrity - safeguarding the accuracy and completeness of information
and processing methods.
  * Availability - ensuring that authorized users have access to
information and associated assets when required.
 
 ISO, I'm afraid, does not document either English or Information Technology.
 They are free to define terms however they like 

Preventing crackers from breaking into your system and stealing data
preserves your information's confidentiality.

Preventing crackers from corrupting your data preserves your 
information's integrity.

Preventing successful denial-of-service attacks preserves the availability
of your information.

So how are those definitions invalid?

Daniel
-- 
Daniel Barclay
[EMAIL PROTECTED]



Re: How efficient is mounting /usr ro?

2003-10-17 Thread Yasar Arman
Bernd Eckenfels wrote:
 In article [EMAIL PROTECTED] you wrote:

A read-only /usr is not a security measure.


 Depends on your definition of it-security. It reduces downtime, prevents
 some admin and software failures and therefore is a security measure.

I think,

you mean safety, not security.

Safety (eng.)  = Sicherheit (German)
Security (eng) = Sicherheit (German)
:-)

regards,
yasar


Re: How efficient is mounting /usr ro?

2003-10-17 Thread Christian G. Warden
On Fri, Oct 17, 2003 at 11:01:27AM +0200, Yasar Arman wrote:
 Bernd Eckenfels wrote:
  In article [EMAIL PROTECTED] you wrote:
 
 A read-only /usr is not a security measure.
 
 
  Depends on your definition of it-security. It reduces downtime, prevents
  some admin and software failures and therefore is a security measure.
 
 
 I think,
 
 you mean safety, not security.
 
 Safety (eng.)  = Sicherheit (German)
 Security (eng) = Sicherheit (German)

we have the same problem with English.

$ dict security
2 definitions found

From Webster's Revised Unabridged Dictionary (1913) [web1913]:

  Security \Se*curi*ty\, n.; pl. {Securities}. [L. securitas: cf.
 F. s['e]curit['e]. See {Secure}, and cf. {Surety}.]
[...]
(c) Freedom from risk; safety.
[...]





Re: How efficient is mounting /usr ro?

2003-10-17 Thread Bernd Eckenfels
In article [EMAIL PROTECTED] you wrote:
 So is a tape backup a security measure?  What about a UPS?  Is ECC memory a 
 security measure?  I guess it's a security measure to buy rack mount servers 
 from companies such as Dell rather than assembling your own white-box 
 machines then.  :-#

Yes, all of them improve the data and service availability and are therefore
IT security measures. You may want to check out the baseline security
manual on even more (i.e. organisational) means.

http://www.bsi.bund.de/gshb/english/menue.htm

 Security is about protection from unauthorised access

This is your definition, it does not match most of the literature you can
get in that area. However most often, this is the only area that everybody
talks about and where you can make the big money :)

Greetings
Bernd
-- 
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/





Re: How efficient is mounting /usr ro?

2003-10-17 Thread Bernd Eckenfels
In article [EMAIL PROTECTED] you wrote:
 Depends on your definition of it-security. It reduces downtime, prevents
 some admin and software failures and therefore is a security measure.

And to reply to myself:

Information Security - As defined by ISO-17799, information security is
characterized as the preservation of:

* Confidentiality - ensuring that information is accessible only to
  those authorized to have access.
* Integrity - safeguarding the accuracy and completeness of information
  and processing methods.
* Availability - ensuring that authorized users have access to
  information and associated assets when required.

Greetings
Bernd
-- 
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/





Re: How efficient is mounting /usr ro?

2003-10-17 Thread Volker Birk
Bernd Eckenfels [EMAIL PROTECTED] wrote:
 You may want to check out the baseline security
 manual on even more (i.e. organisational) means.

Better forget that ridiculous paper.

VB.
-- 
X-Pie Software GmbH
Postfach 1540, 88334 Bad Waldsee
Phone +49-7524-996806 Fax +49-7524-996807
mailto:[EMAIL PROTECTED]  http://www.x-pie.de





Re: How efficient is mounting /usr ro?

2003-10-17 Thread Volker Birk
Bernd Eckenfels [EMAIL PROTECTED] wrote:
 http://www.bsi.bund.de/gshb/english/menue.htm

Better forget that ridiculous paper.

VB.
-- 
X-Pie Software GmbH
Postfach 1540, 88334 Bad Waldsee
Phone +49-7524-996806 Fax +49-7524-996807
mailto:[EMAIL PROTECTED]  http://www.x-pie.de





Re: How efficient is mounting /usr ro?

2003-10-17 Thread Christian Storch
Yes, a very sophisticated kind of definition.
But what about the small gap between theory and practice?
Now here we're discussing 'real life'.

So I think security and availability represent two basic independent points of 
discussion.
Security in a sense of preventing bad impact from outside a system.
That's debian-security. For the second one I would suggest debian-isp or debian-user.

Christian

- Original Message - 
From: Bernd Eckenfels [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 17, 2003 6:26 PM
Subject: Re: How efficient is mounting /usr ro?
...
 
 Information Security - As defined by ISO-17799, information security is
 characterized as the preservation of:
 
 * Confidentiality - ensuring that information is accessible only to
   those authorized to have access.
 * Integrity - safeguarding the accuracy and completeness of information
   and processing methods.
 * Availability - ensuring that authorized users have access to
   information and associated assets when required.






Re: How efficient is mounting /usr ro?

2003-10-17 Thread Peter Cordes
On Fri, Oct 17, 2003 at 09:05:04AM -0700, Christian G. Warden wrote:
 we have the same problem with English.
 
 $ dict security
 2 definitions found
 
 From Webster's Revised Unabridged Dictionary (1913) [web1913]:
 
   Security \Se*curi*ty\, n.; pl. {Securities}. [L. securitas: cf.
  F. s['e]curit['e]. See {Secure}, and cf. {Surety}.]
 [...]
 (c) Freedom from risk; safety.
 [...]

 Ok, how about wrapping this thread up sometime soon.  The semantics and
philosophical issues can be discussed in much greater depth than they have
been so far, but preferably not on deb-sec.  Here are some observations:

 Making /usr read-only is not likely going to be an option in
debian-installer any time soon.  The question is whether to mention the
possibility of doing it in any documentation.  It's not much of a defense
against a cracker, and only useful against an automated attack that doesn't
check for it, in terms of security, so the Debian security manual isn't an
obvious place for it.  It's the sort of thing that could get mentioned as a
possibly-useful-for-some-systems kind of thing in with other sysadmin tips
and tricks.

 Any docs that do mention it should include info on how to tell apt to mount
it read-write before running dpkg, and read-only again after:

   DPkg {
     // Auto re-mounting of a readonly /usr
     Pre-Invoke {"mount -o remount,rw /usr";};
     Post-Invoke {"mount -o remount,ro /usr";};
   };
from:
http://lists.debian.org/debian-devel/2001/debian-devel-200111/msg00212.html

 (note the caveat that dpkg could sometimes leave running processes with file
descriptors open on deleted files, preventing /usr from being remounted ro
again.)

 So, as I see it, mounting /usr read-only is of minor benefit, and is only
even possible for people who have /usr on a filesystem by itself, or with
other read-only stuff.  It's worth a mention somewhere, but shouldn't be
promoted as a best-practice or something that all good admins do.  If a
particular system would really benefit from it, the admin probably just
needs to see the idea mentioned, not see a big list of effects on systems in
general.

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X([EMAIL PROTECTED] , des.ca)

The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces! -- Plautus, 200 BC
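
The caveat in the message above (processes still holding deleted files can keep /usr from being remounted read-only after dpkg runs) can be checked before the Post-Invoke remount. This is an added example, not part of the original thread; the function names and the PROC_ROOT / MOUNTS_FILE overrides are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): checks to run before
# "mount -o remount,ro /usr" in a DPkg Post-Invoke hook.
# PROC_ROOT and MOUNTS_FILE are hypothetical overrides so the functions
# can be exercised on constructed data instead of the live system.
PROC_ROOT="${PROC_ROOT:-/proc}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# mount_mode MOUNTPOINT
# Prints "ro" or "rw" for the last matching entry, or "none" when the
# path is not a mount point of its own (then it cannot be remounted alone).
mount_mode() {
    awk -v mp="$1" '
        $2 == mp {
            n = split($4, opt, ","); mode = "rw"
            # compare whole options so "errors=remount-ro" is not mistaken for "ro"
            for (i = 1; i <= n; i++) if (opt[i] == "ro") mode = "ro"
        }
        END { print (mode == "" ? "none" : mode) }' "$MOUNTS_FILE"
}

# deleted_holders PREFIX
# Prints "PID<TAB>PATH" for every process that still has an unlinked file
# under PREFIX open (fd table) or mapped (maps), e.g. a daemon that is
# still running from a binary or library that dpkg just replaced.
deleted_holders() {
    prefix="${1%/}"
    for piddir in "$PROC_ROOT"/[0-9]*; do
        [ -d "$piddir" ] || continue
        pid="${piddir##*/}"
        for fd in "$piddir"/fd/*; do
            target=$(readlink "$fd" 2>/dev/null) || continue
            case "$target" in
                "$prefix"/*" (deleted)")
                    printf '%s\t%s\n' "$pid" "${target% (deleted)}" ;;
            esac
        done
        if [ -r "$piddir/maps" ]; then
            awk -v pid="$pid" -v pre="$prefix/" '
                / \(deleted\)$/ {
                    path = $0
                    # drop address, perms, offset, dev and inode columns
                    for (i = 1; i <= 5; i++) sub(/^[^ ]+ +/, "", path)
                    sub(/ \(deleted\)$/, "", path)
                    if (index(path, pre) == 1) print pid "\t" path
                }' "$piddir/maps"
        fi
    done | sort -u
}

# safe_to_remount_ro MOUNTPOINT
# Returns 0 when no process holds an unlinked file there. Otherwise it
# lists the holders on stderr and returns 1, so the hook can leave the
# file system rw and report it instead of failing silently.
safe_to_remount_ro() {
    holders=$(deleted_holders "$1")
    if [ -z "$holders" ]; then
        return 0
    fi
    printf 'not remounting %s read-only, unlinked files still in use:\n%s\n' \
        "$1" "$holders" >&2
    return 1
}
```

A monitoring job can also call `mount_mode /usr` and report "rw" outside an upgrade window, which covers the point raised later in the thread about the period when /usr is writable.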




Re: How efficient is mounting /usr ro?

2003-10-17 Thread Adam ENDRODI
On Fri, Oct 17, 2003 at 08:57:43PM +0200, Christian Storch wrote:
 Yes, a very sophisticated kind of definition.
 But what about the small gap between theory and practice?

In theory, it approximates the practice :)

 So I think security and availability represent two basic independent points of 
 discussion.
 Security in a sense of preventing bad impact from outside a system.

My view is that either C, I or A represents an area against which an
attacker or some accident could bring on `bad impact'.  Consider
the simple question `Is my site defaced?'.

To stay on topic, I'm for keeping /usr and /usr/local read-only,
because really nothing should update them except for a few
programs under controlled circumstances (that's what makes
the enforcement of this policy cheap).  In addition, it might
help you notice an intrusion.

(I also got used to remount,ro /, for that matter)

bit,
adam

-- 
1024D/37B8D989 954B 998A E5F5 BA2A 3622  82DD 54C2 843D 37B8 D989  
finger://[EMAIL PROTECTED] | Some days, my soul's confined
http://www.keyserver.net | And out of mind
Sleep forever





Re: How efficient is mounting /usr ro?

2003-10-17 Thread Russell Coker
On Sat, 18 Oct 2003 07:07, Adam ENDRODI wrote:
 To stay on topic, I'm for keeping /usr and /usr/local read-only,
 because really nothing should update them except for a few
 programs under controlled circumstances (that's what makes
 the enforcement of this policy cheap). In addition, it might
 help you notice an intrusion.

Unless you have a good auditing setup (none of the various auditing modules 
are available in Debian) then you probably won't notice an automated attack 
that is blocked by having a read-only file system.  The attack may continue 
hitting you regularly until you remount it rw for an upgrade, at which time 
the attack will succeed.

If you want security for such things then use SE Linux, systrace, RSBAC, or 
GRSEC.  Don't waste time with ro mounts of /usr.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page





Re: How efficient is mounting /usr ro?

2003-10-17 Thread Goswin von Brederlow
Russell Coker [EMAIL PROTECTED] writes:

 On Sat, 18 Oct 2003 07:07, Adam ENDRODI wrote:
  To stay on topic, I'm for keeping /usr and /usr/local read-only,
  because really nothing should update them except for a few
  programs under controlled circumstances (that's what makes
  the enforcement of this policy cheap).  In addition, it might
  help you notice an intrusion.
 
 Unless you have a good auditing setup (none of the various auditing modules 
 are available in Debian) then you probably won't notice an automated attack 
 that is blocked by having a read-only file system.  The attack may continue 
 hitting you regularly until you remount it rw for an upgrade, at which time 
 the attack will succeed.
 
 If you want security for such things then use SE Linux, systrace, RSBAC, or 
 GRSEC.  Don't waste time with ro mounts of /usr.

Mounting stuff read-only also prevents filesystem corruption in case
the system does crash and reduces the frequency of fscks if you reboot
frequently.

You can also just pull the network plug and go single user before
mounting /usr RW for updates.

MfG
Goswin





Re: How efficient is mounting /usr ro?

2003-10-17 Thread Matt Zimmerman
On Thu, Oct 16, 2003 at 11:08:46PM +0200, Bernd Eckenfels wrote:

 In article [EMAIL PROTECTED] you wrote:
  A read-only /usr is not a security measure.
 
 Depends on your definition of it-security. It reduces downtime, prevents
 some admin and software failures and therefore is a security measure.

In the IT field, security refers specifically to unauthorized use, as in
security guard, and security system.  It does not, in general, refer to
the more generic definitions of security, as in security blanket,
securities and exchange commission, or job security.

-- 
 - mdz





Re: How efficient is mounting /usr ro?

2003-10-16 Thread Matt Zimmerman
On Thu, Oct 09, 2003 at 10:34:12AM +0200, Tarjei Huse wrote:

 The Securing Debian manual suggests one should set the /usr partition to
 ro and use remount when you install new programs. 
 I was just wondering how much security one gains with this. Wouldn't
 most hackers go after the programs in the /bin and /sbin directories
 anyway?

A read-only /usr is not a security measure.

-- 
 - mdz





Re: How efficient is mounting /usr ro?

2003-10-16 Thread Bernd Eckenfels
In article [EMAIL PROTECTED] you wrote:
 A read-only /usr is not a security measure.

Depends on your definition of it-security. It reduces downtime, prevents
some admin and software failures and therefore is a security measure.

Greetings
Bernd
-- 
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/





Re: How efficient is mounting /usr ro?

2003-10-16 Thread Russell Coker
On Fri, 17 Oct 2003 07:08, Bernd Eckenfels wrote:
 In article [EMAIL PROTECTED] you wrote:
  A read-only /usr is not a security measure.

 Depends on your definition of it-security. It reduces downtime, prevents
 some admin and software failures and therefore is a security measure.

So is a tape backup a security measure?  What about a UPS?  Is ECC memory a 
security measure?  I guess it's a security measure to buy rack mount servers 
from companies such as Dell rather than assembling your own white-box 
machines then.  :-#

Security is about protection from unauthorised access and keeping the system 
running in the face of attack.  A read-only /usr does not help this in the 
regular case as anyone who has permissions to modify files under /usr also 
has permissions to remount it read-write.

Any measure you take to prevent remounting /usr will probably also prevent 
file writes as well, so having it mounted read-only gains little.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page





RE: How efficient is mounting /usr ro?

2003-10-16 Thread Jones, Steven
yes, a tape system is partly a security measure, logs are stored offline
(and hopefully offsite) as are data. UPS and ECC are uptime features not
security IMHO. 

Is /usr ro, useful? for a web server or firewall that rarely changes its OS
files and is at more of a risk then yes it probably is worth the effort,
otherwise probably not. My reasoning is security enhancements are often
incremental and that small hurdle may just be enough to defeat a script
kiddie or an automated worm.

regards

Steven

-Original Message-
From: Russell Coker [mailto:[EMAIL PROTECTED]
Sent: Friday, 17 October 2003 4:14 PM
To: Bernd Eckenfels; [EMAIL PROTECTED]
Subject: Re: How efficient is mounting /usr ro?


On Fri, 17 Oct 2003 07:08, Bernd Eckenfels wrote:
 In article [EMAIL PROTECTED] you wrote:
  A read-only /usr is not a security measure.

 Depends on your definition of it-security. It reduces downtime, prevents
 some admin and software failures and therefore is a security measure.

So is a tape backup a security measure?  What about a UPS?  Is ECC memory a 
security measure?  I guess it's a security measure to buy rack mount servers 
from companies such as Dell rather than assembling your own white-box 
machines then.  :-#

Security is about protection from unauthorised access and keeping the system 
running in the face of attack.  A read-only /usr does not help this in the 
regular case as anyone who has permissions to modify files under /usr also 
has permissions to remount it read-write.

Any measure you take to prevent remounting /usr will probably also prevent 
file writes as well, so having it mounted read-only gains little.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page





Re: How efficient is mounting /usr ro?

2003-10-16 Thread Matt Zimmerman
On Thu, Oct 09, 2003 at 10:34:12AM +0200, Tarjei Huse wrote:

 The Securing Debian manual suggest one should set the /usr partition to
 ro and use remount when you install new programs. 
 I was just wondering how much security one gains with this. Wouldn't
 most hackers go after the programs in the /bin and /sbin directories
 anyway?

A read-only /usr is not a security measure.

-- 
 - mdz



Re: How efficient is mounting /usr ro?

2003-10-16 Thread Bernd Eckenfels
In article [EMAIL PROTECTED] you wrote:
 A read-only /usr is not a security measure.

Depends on your definition og it-security. It reduces downtime, prevents
some admin and software failures and therefore is a security measure.

Greetings
Bernd
-- 
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/



Re: How efficient is mounting /usr ro?

2003-10-16 Thread Russell Coker
On Fri, 17 Oct 2003 07:08, Bernd Eckenfels wrote:
 In article [EMAIL PROTECTED] you wrote:
  A read-only /usr is not a security measure.

 Depends on your definition of it-security. It reduces downtime, prevents
 some admin and software failures and therefore is a security measure.

So is a tape backup a security measure?  What about a UPS?  Is ECC memory a 
security measure?  I guess it's a security measure to buy rack mount servers 
from companies such as Dell rather than assembling your own white-box 
machines then.  :-#

Security is about protection from unauthorised access and keeping the system 
running in the face of attack.  A read-only /usr does not help this in the 
regular case as anyone who has permissions to modify files under /usr also 
has permissions to remount it read-write.

Any measure you take to prevent remounting /usr will probably also prevent 
file writes as well, so having it mounted read-only gains little.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



RE: How efficient is mounting /usr ro?

2003-10-16 Thread Jones, Steven
yes, a tape system is partly a security measure, logs are stored offline
(and hopefully offsite) as are data. UPS and ECC are uptime features not
security IMHO. 

Is /usr ro, useful? for a web server or firewall that rarely changes its OS
files and is at more of a risk then yes it probably is worth the effort,
otherwise probably not. My reasoning is security enhancements are often
incremental and that small hurdle may just be enough to defeat a script
kiddie or an automated worm.

regards

Steven

-Original Message-
From: Russell Coker [mailto:[EMAIL PROTECTED]
Sent: Friday, 17 October 2003 4:14 PM
To: Bernd Eckenfels; debian-security@lists.debian.org
Subject: Re: How efficient is mounting /usr ro?


On Fri, 17 Oct 2003 07:08, Bernd Eckenfels wrote:
 In article [EMAIL PROTECTED] you wrote:
  A read-only /usr is not a security measure.

 Depends on your definition of it-security. It reduces downtime, prevents
 some admin and software failures and therefore is a security measure.

So is a tape backup a security measure?  What about a UPS?  Is ECC memory a 
security measure?  I guess it's a security measure to buy rack mount servers 
from companies such as Dell rather than assembling your own white-box 
machines then.  :-#

Security is about protection from unauthorised access and keeping the system 
running in the face of attack.  A read-only /usr does not help this in the 
regular case as anyone who has permissions to modify files under /usr also 
has permissions to remount it read-write.

Any measure you take to prevent remounting /usr will probably also prevent 
file writes as well, so having it mounted read-only gains little.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



Re: How efficient is mounting /usr ro?

2003-10-15 Thread Dale Amon
On Tue, Oct 14, 2003 at 01:09:49PM -0400, Michael Stone wrote:
 That's fairly useless as a security measure; I would *not* recommend
 this. It is not difficult for a script kiddie these days to use tools
 that will make this method ineffective for removal (giving you a false
 sense of security).

I'm not sure I see how this is possible. Are you talking about a
hacked rsync? In my own case I do an NFS floppy boot so the
rsync is safe. AFAIK, rsync does a block by block check of each
file and leaves the target files with a set of blocks matching
those on the source system. Any file names not on the source
are removed from the target. I can't see how you could get around
it. Some mucking about with inodes? But then that would get 
cleaned up by a fsck...



Re: How efficient is mounting /usr ro?

2003-10-14 Thread Michael Stone
On Fri, Oct 10, 2003 at 01:22:48PM +1300, Steve Wray wrote:
 Getting rid of root kits?
 [snip]
 The answer we came up with was to update boxes by rsync
 with --delete

That's fairly useless as a security measure; I would *not* recommend
this. It is not difficult for a script kiddie these days to use tools
that will make this method ineffective for removal (giving you a false
sense of security).

Mike Stone


Re: How efficient is mounting /usr ro?

2003-10-10 Thread Dale Amon
On Fri, Oct 10, 2003 at 01:22:48PM +1300, Steve Wray wrote:
 Getting rid of root kits?
 
 Recently I've been thinking about this sort of thing as part of a
 project for work.
 
 The answer we came up with was to update boxes by rsync
 with --delete
 

Yep, that's what I do. NFS floppy boot and rsync. Works
like a charm.

-- 
--
   IN MY NAME:Dale Amon, CEO/MD
  No Mushroom clouds over Islandone Society
London and New York.  www.islandone.org
--



Re: How efficient is mounting /usr ro?

2003-10-10 Thread Robert Brockway
On Thu, 9 Oct 2003, Bernhard R. Link wrote:

 security one gets by this is that this way /usr has no chance to
 go corrupt when the power supply fails and less possible corruption

Well, no chance from software related issues (files not writing properly,
etc) but an electrical surge could still do in the filesystem.

 make it less probable that a corruption helping an attacker occurs.

True.

 On the other hand if you then forget to remount it rw when updating
 packages this may corrupt your system helping an attacker in.

IIRC I did something like this a few years ago and it didn't cause
corruption, it just resulted in the package installation failing.

 On the other hand one should not over-estimate the intelligence of
 script-kiddies. Even those writing the scripts tend to be lousy
 programmers, from what I have seen.

Indeed.

Rob

-- 
Robert Brockway B.Sc. email: [EMAIL PROTECTED], [EMAIL PROTECTED]
Linux counter project ID #16440 (http://counter.li.org)
The earth is but one country and mankind its citizens -Baha'u'llah



Re: How efficient is mounting /usr ro?

2003-10-10 Thread Robert Brockway
On Thu, 9 Oct 2003, Ted Cabeen wrote:

 I agree.  If you are looking for this kind of security, your best bet
 is to set the immutable bit on all of your system files.  That will
 ensure that only a reboot in single user mode will allow these files
 to be changed.  (Make sure you set immutable the system boot scripts
 as well)

The immutable bit can be removed from a file on a running system.  I just
confirmed this on a box to make sure recent kernels hadn't changed this
behaviour.

Rob

-- 
Robert Brockway B.Sc. email: [EMAIL PROTECTED], [EMAIL PROTECTED]
Linux counter project ID #16440 (http://counter.li.org)
The earth is but one country and mankind its citizens -Baha'u'llah



Re: How efficient is mounting /usr ro?

2003-10-10 Thread Bernd Eckenfels
In article [EMAIL PROTECTED] you wrote:
 The immutable bit can be removed from a file on a running system.  I just
 confirmed this on a box to make sure recent kernels hadn't changed this
 behaviour.

Depends on capabilities settings. Capabilities control must be in effect for
that. Older kernels used the securelevel for that.


Greetings
Bernd
-- 
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/
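
[Added example, not part of the thread: a shell check of the two points argued above, that root can remount a read-only /usr and can clear the immutable bit unless the matching capability is withheld. It takes mounts in /proc/mounts format and a CapBnd mask as found in /proc/self/status on current kernels; the function names and the sample data are constructed for illustration.]

```shell
#!/bin/sh
# Added example (not from the thread). Capability bit numbers are those
# defined in <linux/capability.h>.
CAP_LINUX_IMMUTABLE=9   # required to clear the immutable flag (chattr -i)
CAP_SYS_ADMIN=21        # required for mount(2), including remount,rw

# cap_in_mask HEXMASK BIT: succeeds if BIT is set in the capability mask.
cap_in_mask() { [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]; }

# mount_is_ro MOUNTS MOUNTPOINT: 0 = ro, 1 = rw, 2 = no such mount.
# MOUNTS is text in /proc/mounts format; a later entry overrides an earlier one.
mount_is_ro() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        $2 == mp { opts = $4; found = 1 }
        END {
            if (!found) exit 2
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") exit 0
            exit 1
        }'
}

# audit_usr MOUNTS CAPBND: prints what a read-only /usr is worth against a
# root process started under the bounding set CAPBND.
audit_usr() {
    rc=0; mount_is_ro "$1" /usr || rc=$?
    case $rc in
        2) echo "not-a-separate-mount"; return ;;
        1) echo "writable"; return ;;
    esac
    if cap_in_mask "$2" "$CAP_SYS_ADMIN"; then echo "ro-but-root-can-remount"
    else echo "ro-enforced"; fi
}

# immutable_enforced CAPBND: succeeds if root cannot clear the immutable bit.
immutable_enforced() { ! cap_in_mask "$1" "$CAP_LINUX_IMMUTABLE"; }

# Constructed sample input: /usr mounted ro, checked first with a full
# bounding set, then with bits 9 and 21 removed.
SAMPLE_MOUNTS='/dev/hda1 / ext3 rw,noatime 0 0
/dev/hda5 /usr ext3 ro,nodev 0 0
/dev/hda6 /var ext3 rw,nosuid 0 0'
for capbnd in 000001ffffffffff 000001ffffdffdff; do
    printf '%s: /usr %s, immutable bit ' "$capbnd" "$(audit_usr "$SAMPLE_MOUNTS" "$capbnd")"
    if immutable_enforced "$capbnd"; then echo "enforced"; else echo "removable by root"; fi
done
# Live use: audit_usr "$(cat /proc/mounts)" "$(awk '/^CapBnd/ {print $2}' /proc/self/status)"
```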



Re: How efficient is mounting /usr ro?

2003-10-10 Thread Bernd Eckenfels
In article [EMAIL PROTECTED] you wrote:
 IIRC I did something like this a few years ago and it didn't cause
 corruption, it just resulted in the package installation failing.

Yes, but it leaves them a bit confused (selected but uninstalled). It is
worse if you mount /var noexec.

Greetings
Bernd
-- 
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/

