Subject: Re: undoing chflags schg ?
To: Charles M. Hannum <mycroft@gnu.ai.mit.edu>
From: Andrew Brown <codewarrior@daemon.org>
List: netbsd-help
Date: 04/22/1997 11:34:30
> From: Charles M. Hannum
>
>
>>codewarrior@daemon.org (Andrew Brown) writes:
>> 
>> actually, i thought it was more a preventative measure against important
>> files not getting corrupted by hackers and the like.  for example, you
>> would make all your log files append only, make your kernel immutable,
>> etc.  if a file's unchangeable (or immutable) unless you remove the flag
>> and you can only do that in securelevel 0 (or lower :), then it's less
>> likely that anyone could do anything nasty to that file.
>
>So, what prevents the so-called `hacker' from simply turning off the
>bit?  Answer: They can't because the machine has to be in single-user
>mode to do that, and (hopefully!) that means they'd have to be at the
>console to do it.

exactly!

>> of course, if they get root (which is how they discover that they can't
>> change it anyway) they can still make changes to rc (which runs when
>> securelevel is 0) to effect the changes they want and then cause the
>> machine to reboot.
>
>No; if you're using this security feature, then you make /etc/rc
>immutable, and they can't change it, either.

yeah, but then you'd also have to make /etc immutable (otherwise they could
just move /etc elsewhere and make a new one by copying everything) and you
would probably want to make / immutable while you were at it.  no?  that
would work (wouldn't it?) but then if you wanted to do *ANYTHING* to rc
(or rc.local or netstart or anything else rc runs, or maybe even inetd, since
there's a small window of opportunity when inetd has started but rc hasn't
finished so the machine is still at securelevel 0) once those were immutable,
you'd have to go to the console and take the machine down to single user.
talk about an administrative nightmare.  it would be secure only because you
couldn't possibly do anything to it.

-- 
|-----< "CODE WARRIOR" >-----|
andrew@echonyc.com (TheMan)        * "ah!  i see you have the internet
codewarrior@daemon.org                               that goes *ping*!"
warfare@graffiti.com      * "information is power -- share the wealth."
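The lockdown the thread sketches (kernel, rc scripts and /etc immutable with schg, log files append-only with sappnd), as an added example that is not part of the original message. The script audits `ls -lo` output against that hardening set and can apply the missing flags. The set of paths is an assumption chosen to match the thread; the `ls -lo` column layout (mode, links, owner, group, flags, size, date, name, with `-` when no flags are set) is the BSD one, and `chflags` plus `sysctl -n kern.securelevel` are the NetBSD commands. The sample lines in the comments are constructed.

```shell
#!/bin/sh
# Added example, not from the original thread: audit and apply the file
# flags discussed there. Assumes the BSD `ls -lo` layout:
#   mode links owner group flags size month day time name

# Expected flag per path. The hardening set itself is an assumption built
# from what the thread suggests (kernel, rc and /etc immutable; logs
# append-only).
expected_flag() {
    case "$1" in
        /netbsd|/etc/rc|/etc/rc.local|/etc/netstart|/etc|/) echo schg ;;
        /var/log/*) echo sappnd ;;
        *) echo "" ;;
    esac
}

# has_flag FLAGS WANT: FLAGS is the ls -lo flags column ("-" when none,
# comma-separated otherwise, e.g. "sappnd,schg"). Returns 0 if WANT is set.
has_flag() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_flags: reads `ls -lo` lines on stdin, prints one line per file in
# the set that lacks its expected flag. Returns 0 if all are flagged,
# 1 otherwise. Files outside the set are ignored.
#   ls -ldo /netbsd / /etc /etc/rc /etc/rc.local /etc/netstart /var/log/* | audit_flags
audit_flags() {
    _rc=0
    while read -r _mode _links _owner _group _flags _rest; do
        [ -n "$_mode" ] || continue
        _path=${_rest##* }       # name is the last field (no spaces assumed)
        _want=$(expected_flag "$_path")
        [ -n "$_want" ] || continue
        if ! has_flag "$_flags" "$_want"; then
            echo "MISSING $_want: $_path (flags: $_flags)"
            _rc=1
        fi
    done
    return $_rc
}

# apply_flags PATH...: set the expected flag on each path, as root.
# As the thread notes, clearing these flags again needs securelevel 0 or
# below, i.e. single-user at the console, so the current level is printed
# as a reminder before anything is changed.
apply_flags() {
    echo "kern.securelevel is $(sysctl -n kern.securelevel 2>/dev/null || echo '?')"
    for _p in "$@"; do
        _want=$(expected_flag "$_p")
        if [ -z "$_want" ]; then
            echo "skip (not in hardening set): $_p"
            continue
        fi
        chflags "$_want" "$_p" || return 1
        echo "set $_want on $_p"
    done
}

# Constructed sample of `ls -lo` output the audit would flag:
#   -rwxr-xr-x  1 root  wheel  schg    6000 Apr 22 11:34 /etc/rc
#   -rw-r--r--  1 root  wheel  -       1200 Apr 22 11:34 /etc/rc.local
#   -rw-r-----  1 root  wheel  sappnd  9000 Apr 22 11:34 /var/log/messages
# -> MISSING schg: /etc/rc.local (flags: -)
```

The audit only parses text, so it can be run over saved `ls -lo` output from a box you cannot log into as root; `apply_flags` is the part that must run on the host itself.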