Subject: Re: verified executable kernel modification committed
To: matthew green <mrg@eterna.com.au>
From: Andrew Brown <atatat@atatdot.net>
List: tech-security
Date: 10/30/2002 08:53:23
> ...and it also can't tell you if the raw disk was frobbed out from
> underneath you. chflags protects things at the ffs layer. if you go
> below that, all bets are off.
>
>i dunno. chflags isn't useful (*) without securelevel > 1 anyway,
>at which point you can't frob the raw disk without physical (console)
>access...
make that securelevel > 0, since at securelevel 1, you can no longer
clear sappnd or schg.
>i guess my point is if i can modify the raw disk i can pretty much
>do whatever i like already, regardless of vexec - i can probably
>change the vexec-ok list and cause a reboot - sure, you will notice
>this but to attack the machine protected with chflags would need as
>much force - a shutdown to single user or more.
true, but that's more complex than merely changing the binary.
>this is not to say i don't find vexec useful. i know several
>systems that i will definately use it on. i just don't think it
>necessarily is inherently more secure than chflags protection.
well, it's certainly not less.
>(*) for security, that is. "uappnd" flags are *always* useful IMO. :)
of course!
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
werdna@squooshy.com * "information is power -- share the wealth."