Re: ifupdown writes to /etc... a bug?

To: "Matt Ryan" <mryan@debian.org>
Cc: <debian-devel@lists.debian.org>
Subject: Re: ifupdown writes to /etc... a bug?
From: Russell Coker <russell@coker.com.au>
Date: Sat, 22 Mar 2003 16:06:21 +0100
Message-id: <[🔎] 200303221606.21710.russell@coker.com.au>
Reply-to: Russell Coker <russell@coker.com.au>
In-reply-to: <[🔎] 013f01c2f075$d6517e20$a2b89bd9@banana.org.uk>
References: <[🔎] 20030310124920.GA32489@diamond.madduck.net> <[🔎] 20030321200228.GA8338@lapdog> <[🔎] 013f01c2f075$d6517e20$a2b89bd9@banana.org.uk>

On Sat, 22 Mar 2003 14:20, Matt Ryan wrote:
> > Is there still something unclear I failed to summarize? This
> > thread is starting to have too much talk and too little
> > implementation. I want to have a ro root cleanly, and don't
> > want this effort to fade.
>
> Explain to me how the ro root makes a difference? There is a lot of talk
> about how difficult it is to install a rootkit when the root fs is ro, but
> if you already have superuser privileges why can't you just remount root rw
> and then drop the rootkit in? If you don't have superuser privilege to do
> this then you can write to root owned directories (with the correct
> permissions) anyway?
> I don't see the win here...

If you have some additional security scheme such as GRSEC then a chroot'd 
process can't mount a file system, but will still be able to write to files.  
Making the file system ro may help in such a situation (IE it may be a useful 
part of a larger scheme to improve security).

On it's own a ro root file system does not gain anything unless it's on a file 
server which denies writes, or it's on media which physically does not allow 
writes (CD-ROM, EPROM, etc).

Maybe we should have a Debian security contest.  The people who advocate 
read-only file systems can setup some servers with known security holes (IE 
old Sendmail, BIND, proftpd, etc) and I'll setup an SE Linux machine with the 
same buggy applications.  Then we can invite everyone in the world to help us 
compare the relative merits of these schemes.

My suggestion to make a minor change to the file naming scheme under 
/usr/share to make things easier for SE Linux was shot down even though it 
would take very little effort to implement.  This ro-root idea takes 
considerably more work to implement and I think that it provides considerably 
less benefit.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

Follow-Ups:
- Re: ifupdown writes to /etc... a bug?
  - From: John Hasler <john@dhh.gt.org>

References:
- ifupdown writes to /etc... a bug?
  - From: martin f krafft <madduck@debian.org>
- Re: ifupdown writes to /etc... a bug?
  - From: Tommi Virtanen <tv@debian.org>
- Re: ifupdown writes to /etc... a bug?
  - From: "Matt Ryan" <mryan@debian.org>

Prev by Date: Re: ifupdown writes to /etc... a bug?
Next by Date: Re: ifupdown writes to /etc... a bug?
Previous by thread: Re: ifupdown writes to /etc... a bug?
Next by thread: Re: ifupdown writes to /etc... a bug?
Index(es):
- Date
- Thread