Subject: Re: PROPOSAL: File flags (LONG)
To: None <tech-security@netbsd.org>
From: Greg A. Woods <woods@most.weird.com>
List: tech-security
Date: 02/03/1999 12:20:09
[ On Wednesday, February 3, 1999 at 13:29:50 (+0100), Manuel Bouyer wrote: ]
> Subject: Re: PROPOSAL: File flags (LONG)
>
> I would set this one schg. On a secure system, /etc/hosts is used before
> dns, and critical machines are in /etc/hosts.

On my "secure" systems /etc/hosts is never used!  ;-)  IP numbers with
no mapping whatsoever are far more secure, and I would argue *less* prone
to configuration error.  (Of course I'm merely parroting Cheswick and
Bellovin and others who say this much more strongly in their published
works.)

> I played with system flags when I set up our firewall. Alone they're useless:
> why make /dev immutable if a root user can create devices elsewhere ?
> (well, they are not useless, but can be worked around).

Making /dev immutable presumably makes it more difficult for either
error or malicious attempts to remove a critical device or redirect it
to the wrong hardware, etc.; or indeed to prevent accidents from
creating big files in /dev by writing to devices that are not there.

That's why you also need securelevel=2 to make even raw disk read-only.
Presumably other important devices, such as any direct access to the
SCSI command channel (to prevent formatting), should also be disabled
with securelevel=2 (there's room for improvement in the current system).

> The box I set up has / mounted read-only (this needs some tweaks in
> /etc and /var, and / is first mounted r/w and remounted ro later, after syslog
> has created /dev/log). /usr is mounted nodev, /home and /var nodev,noexec.

These are definitely good ideas too....  I wonder if it is possible to
make such a configuration generic enough that the default system could
enable it with a flick of a switch in /etc/rc.conf.

Obviously file (including directory) flags are not the only tools one
needs to employ to create a more secure system (though they are
definitely near the top of the list).

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
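An added example, not from this thread and not NetBSD's own code: a POSIX shell audit that checks a `mount` listing against the layout Manuel describes above (/ read-only, /usr nodev, /var and /home nodev,noexec), so the "flick of a switch" configuration can be verified after boot rather than assumed. The sample listing is constructed here in the `device on mountpoint type fs (opts)` form assumed for BSD mount(8); the policy table, the function names and the sample device names are my own.

```shell
#!/bin/sh
# Mount-option audit: checks each policy entry against a `mount` listing.
# POLICY is an assumption that mirrors the layout described in the thread:
#   mountpoint  comma-separated options that must appear for that mount
POLICY='/ read-only
/usr nodev
/var nodev,noexec
/home nodev,noexec'

# Constructed sample listing in the "dev on mp type fs (opts)" form assumed
# for BSD mount(8). /home is deliberately missing nodev,noexec.
SAMPLE_MOUNTS='/dev/wd0a on / type ffs (local, read-only)
/dev/wd0e on /usr type ffs (local, nodev)
/dev/wd0f on /var type ffs (local, nodev, noexec)
/dev/wd0g on /home type ffs (local)'

# Same constructed listing with /home fixed, so the audit has a passing case.
CLEAN_MOUNTS='/dev/wd0a on / type ffs (local, read-only)
/dev/wd0e on /usr type ffs (local, nodev)
/dev/wd0f on /var type ffs (local, nodev, noexec)
/dev/wd0g on /home type ffs (local, nodev, noexec)'

# mount_has_opt LISTING MOUNTPOINT OPTION
# Exit 0 if the line for MOUNTPOINT lists OPTION inside its parentheses,
# 1 if the option is absent or the mount point does not appear at all.
mount_has_opt() {
    printf '%s\n' "$1" | awk -v mp="$2" -v opt="$3" '
        $3 == mp {
            found = 1
            s = $0
            sub(/^[^(]*\(/, "", s)          # drop everything up to "("
            sub(/\)$/, "", s)               # drop the trailing ")"
            n = split(s, a, /, */)          # "local, nodev" -> local, nodev
            for (i = 1; i <= n; i++) if (a[i] == opt) ok = 1
        }
        END { exit((found && ok) ? 0 : 1) }'
}

# audit_mounts LISTING
# Prints one "MOUNTPOINT: missing OPTION" line per violation and returns
# the violation count (0 means the listing satisfies POLICY).
audit_mounts() {
    listing=$1
    violations=0
    # Here-document instead of a pipe so the counter survives the loop.
    while read -r mp opts; do
        [ -n "$mp" ] || continue
        saved_ifs=$IFS
        IFS=,
        for opt in $opts; do
            IFS=$saved_ifs
            if ! mount_has_opt "$listing" "$mp" "$opt"; then
                echo "$mp: missing $opt"
                violations=$((violations + 1))
            fi
        done
        IFS=$saved_ifs
    done <<EOF
$POLICY
EOF
    return "$violations"
}

# Stand-alone run over the constructed listing; on a real host pass "$(mount)".
audit_mounts "$SAMPLE_MOUNTS" || echo "policy violations: $?"
```

Run against a live box with `audit_mounts "$(mount)"`; the option spellings in POLICY must match what that system's mount(8) prints (for example `read-only` versus `ro`), which is why the parser compares whole comma-separated tokens rather than substrings.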