Re: setting a disk read only
On 26 Jun 2004 at 10:44, Matthew Seaman wrote: > On Sat, Jun 26, 2004 at 02:38:28AM +0200, MICSKO Viktor wrote: > > > Is it possible to setting a *whole* disk read only? I mean the way linux > > does it with "hdparm -r 1 device". So adding an -o ro parameter to mount > > isn't enough, I want to be sure that the disk is unmodified. > > > > (I have to access an existing raid of 8 disks using vinum without any > > modified bit, because of the highly sensitive data. Any idea doing this > > absolutely securely is welcome too) > > Hmmm... SCSI disks can be physically jumpered to be read-only. I > should think that ATA drives can be treated the same way. Consult the > manufacturers' data sheets for details. > Some time ago there was an article in the Elektor Magazine. They broke a line in the ATA cable and brought it to a switch on the front, with a pullup resistor on the disk side. The switch was labeled 'normal operation' and 'read only' Could be the hard way to do it. Literally. Kjell ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: setting a disk read only
On Saturday 26 June 2004 22:06, JJB wrote: > Security Paranoia > It's very important that you completely understand the impact of > using the following command will have on your ability to make > changes to your system. > > The simplest thing you can do is set the immutable flag on all > system binaries and /etc config files with: > > chflags schg /bin/*(*) /sbin/*(*) /usr/bin/*(*) /usr/sbin/*(*) > /etc/*(*) > It seems to me that mounting all partitions from the disk as read only would achieve rather more; and more simply. But neither protects against direct writes to the raw device. And if you are really paranoid about this I think the only solution is a hardware switch. I suspect the linux 'hdparm' also has its limitations; only a hardware switch can protect against software bugs or a successful invasion. > Setting the immutable flag on, means the files are marked as being > protected from being written over. Once you execute the above > command, no process can over write those files thus increasing the > level of difficulty for the attacker and increasing the odds in your > favor of the attacker leaving error messages in the system log. On > the other hand you as root user can not make any changes to those > file so marked either. > > Ever time you want to make changes you have to issue the command to > turn off the immutable flag on all the same files. Use this command > to do that: > > chflags noschg /bin/*(*) /sbin/*(*) /usr/bin/*(*) /usr/sbin/*(*) > /etc/*(*) > > You can use "ls -lo" command to see the immutable flags of existing > > You could do this to any slice with chflags noschg /*(*) /usr/*(*) > what ever > Malcolm ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: setting a disk read only
On Sat, Jun 26, 2004 at 08:36:49AM -0400, JJB probably wrote: > Security Paranoia > It's very important that you completely understand the impact of > using the following command will have on your ability to make > changes to your system. > > The simplest thing you can do is set the immutable flag on all > system binaries and /etc config files with: > > chflags schg /bin/*(*) /sbin/*(*) /usr/bin/*(*) /usr/sbin/*(*) > /etc/*(*) > > Setting the immutable flag on, means the files are marked as being > protected from being written over. Once you execute the above > command, no process can over write those files thus increasing the > level of difficulty for the attacker and increasing the odds in your > favor of the attacker leaving error messages in the system log. On > the other hand you as root user can not make any changes to those > file so marked either. Only if you can't remove that flags (that is, only if you're running at a securelevel>0). -- DoubleF If you only have a hammer, you tend to see every problem as a nail. -- Maslow pgpkVzrVx1qc5.pgp Description: PGP signature
Re: setting a disk read only
Security Paranoia It's very important that you completely understand the impact of In this case, this is no security paranoia. The thing is that there is sensitive data on the drives and even a bit of modification is prohibited, but Viktor needs to *read* the data on the disks but no cloning is possible due to the huge size of the disks. Tamas ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: setting a disk read only
Security Paranoia It's very important that you completely understand the impact of using the following command will have on your ability to make changes to your system. The simplest thing you can do is set the immutable flag on all system binaries and /etc config files with: chflags schg /bin/*(*) /sbin/*(*) /usr/bin/*(*) /usr/sbin/*(*) /etc/*(*) Setting the immutable flag on, means the files are marked as being protected from being written over. Once you execute the above command, no process can over write those files thus increasing the level of difficulty for the attacker and increasing the odds in your favor of the attacker leaving error messages in the system log. On the other hand you as root user can not make any changes to those file so marked either. Ever time you want to make changes you have to issue the command to turn off the immutable flag on all the same files. Use this command to do that: chflags noschg /bin/*(*) /sbin/*(*) /usr/bin/*(*) /usr/sbin/*(*) /etc/*(*) You can use "ls -lo" command to see the immutable flags of existing You could do this to any slice with chflags noschg /*(*) /usr/*(*) what ever -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of MICSKO Viktor Sent: Saturday, June 26, 2004 6:46 AM To: Matthew Seaman Cc: [EMAIL PROTECTED] Subject: Re: setting a disk read only > > Is it possible to setting a *whole* disk read only? I mean the way linux > > does it with "hdparm -r 1 device". So adding an -o ro parameter to mount > > isn't enough, I want to be sure that the disk is unmodified. > > Hmmm... SCSI disks can be physically jumpered to be read-only. I > should think that ATA drives can be treated the same way. Consult the > manufacturers' data sheets for details. No, at least I've never seen it on any ATA drives. That's why I need a software solution. viktor ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: setting a disk read only
> > Is it possible to setting a *whole* disk read only? I mean the way linux > > does it with "hdparm -r 1 device". So adding an -o ro parameter to mount > > isn't enough, I want to be sure that the disk is unmodified. > > Hmmm... SCSI disks can be physically jumpered to be read-only. I > should think that ATA drives can be treated the same way. Consult the > manufacturers' data sheets for details. No, at least I've never seen it on any ATA drives. That's why I need a software solution. viktor ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: setting a disk read only
On Sat, Jun 26, 2004 at 02:38:28AM +0200, MICSKO Viktor wrote: > Is it possible to setting a *whole* disk read only? I mean the way linux > does it with "hdparm -r 1 device". So adding an -o ro parameter to mount > isn't enough, I want to be sure that the disk is unmodified. > > (I have to access an existing raid of 8 disks using vinum without any > modified bit, because of the highly sensitive data. Any idea doing this > absolutely securely is welcome too) Hmmm... SCSI disks can be physically jumpered to be read-only. I should think that ATA drives can be treated the same way. Consult the manufacturers' data sheets for details. One point about doing this: if you make the disk physically read-only, it will work well when mounted read-only on the system. However, I'm not so sure what would happen if you accidentally mounted the drive read-write. Best case is that the system would refuse to mount the drive rw: either failing and emitting an error, or complaining and automatically flipping the mount flags to ro. Worst case is that everything will apparently work perfectly fine until the system attempts to do a write, at which point it will freeze or blow up. You might want to test out what happens on a scratch system. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgpVIMkuWeUxm.pgp Description: PGP signature