Subject: re: verified executable kernel modification committed
To: Andrew Brown <email@example.com>
From: matthew green <firstname.lastname@example.org>
Date: 10/31/2002 01:43:25
> ...and it also can't tell you if the raw disk was frobbed out from
> underneath you. chflags protects things at the ffs layer. if you go
> below that, all bets are off.
>i dunno. chflags isn't useful (*) without securelevel > 1 anyway,
>at which point you can't frob the raw disk without physical (console)
make that securelevel > 0, since at securelevel 1, you can no longer
clear sappnd or schg.
no, i meant what i said. securelevel == 1 IMO is a waste of time.
it is pain that just hurts without really helping (devices are still
writable... so anything is possible, including removing various
>i guess my point is if i can modify the raw disk i can pretty much
>do whatever i like already, regardless of vexec - i can probably
>change the vexec-ok list and cause a reboot - sure, you will notice
>this but to attack the machine protected with chflags would need as
>much force - a shutdown to single user or more.
true, but that's more complex than merely changing the binary.
>this is not to say i don't find vexec useful. i know several
>systems that i will definately use it on. i just don't think it
>necessarily is inherently more secure than chflags protection.
well, it's certainly not less.
yes. and actually, i think the point of "you can't run trojans"