Re: permissions

rik.harris@vifp.monash.edu.au
Thu, 19 May 1994 01:22:05 +1000

Tue, 17 May 1994 GMT, Daniel Azuelos wrote:

> Talking of standard fprobihitilssions at the file-system level:
> 
> | > /		rw,nosuid
> | > /usr		ro
> | > /var		rw,nosuid
> | > /home		rw,nosuid
> | > /tmp		rw,nosuid
> | > /usr/local	ro
> | 
> | excellent thinking. Does anyone have any problems with this philosophy?
> | I noticed some systems around here with /sbin/su and /sbin/sulogin.
> | These would be disabled if the above conditions were met.
> | Is this a problem? Anything else break?
> 
> I'm personally using this strategy since SunOS 3.5.2. I've been
> using it for nearly 5 years now, without any problem.
> 
> I've never tried to install anything under /usr, for example, in
> place of the standard /usr/local, I'd advise to use a /local.
> 
> With this method, tampering with standard binaries or installing
> a setuid file couldn't be done without rebooting the system.

If our hypothetical hacker has root, then mounting file systems
read-only is not going to make much difference.  In some cases the
file systems can be umounted, and remounted with rw.  In other cases,
I'm sure patching the running kernel could convince it to be writable,
or at the very least, modifying the raw device file.  The only really
safe way to do this is physical write-protection.

> And long before Sun gave that possibility at the PROM level, there
> are easy methods to make any reboot of a system very hard, even to
> someone having a physical access to the keyboard.

This is a nice feature, we use it in several places.

rik.
--
The Fulcrum Consulting Group                                           o
------------------------------------------------------------------------------
Rik Harris - rik.harris@fulcrum.com.au   +61 3 621-2100 (BH)       /\
12th Floor, 10-16 Queen St. Melbourne VIC 3000.  +61 3 621-2724 (Fax)
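The mount-option table quoted above can be turned into a simple audit: read fstab-style entries and report any file system whose options fall short of the policy (ro where the thread wants ro, nosuid where it wants nosuid). The script below is an added example and is not code from either poster; the sample table it checks is constructed for illustration, and the function names are my own.

```sh
#!/bin/sh
# Added example, not code from the original thread: audit mount entries
# against the policy quoted in the message (/ rw,nosuid; /usr ro; /var,
# /home, /tmp rw,nosuid; /usr/local ro). Input lines use the fstab shape
# "<device> <mountpoint> <fstype> <options>". The table below is a
# constructed sample, not taken from any real host.

# policy_for MOUNTPOINT: print the options the thread's policy requires,
# or nothing for mountpoints the policy does not mention.
policy_for() {
    case "$1" in
        /)          echo "rw,nosuid" ;;
        /usr)       echo "ro" ;;
        /var)       echo "rw,nosuid" ;;
        /home)      echo "rw,nosuid" ;;
        /tmp)       echo "rw,nosuid" ;;
        /usr/local) echo "ro" ;;
        *)          echo "" ;;
    esac
}

# has_opt OPTS OPT: succeed when the comma-separated list OPTS contains
# OPT as a whole word (so "nosuid" does not match "nosuidx").
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_line "<device> <mountpoint> <fstype> <options>"
# Prints "MISSING <mountpoint> <option>" for each required option that is
# absent and returns 1 if anything was missing, 0 if the entry complies.
# "rw" counts as present whenever "ro" is absent, since rw is the default.
audit_line() {
    set -- $1
    al_mp=$2
    al_opts=$4
    al_rc=0
    for al_want in $(policy_for "$al_mp" | tr ',' ' '); do
        case "$al_want" in
            rw) has_opt "$al_opts" ro && { echo "MISSING $al_mp rw"; al_rc=1; } ;;
            *)  has_opt "$al_opts" "$al_want" || { echo "MISSING $al_mp $al_want"; al_rc=1; } ;;
        esac
    done
    return $al_rc
}

# audit_table: read fstab-style lines on stdin, skip blank and comment
# lines, and print every finding from audit_line.
audit_table() {
    while read -r at_line; do
        case "$at_line" in
            ''|'#'*) continue ;;
        esac
        audit_line "$at_line" || true
    done
}

# Constructed sample: /usr is missing ro and /var is missing nosuid.
SAMPLE_FSTAB='# constructed sample, not a real host
/dev/sd0a /          4.2 rw,nosuid
/dev/sd0g /usr       4.2 rw
/dev/sd0h /var       4.2 rw
/dev/sd1a /home      nfs rw,nosuid
/dev/sd0d /tmp       4.2 rw,nosuid
/dev/sd0e /usr/local 4.2 ro'

printf '%s\n' "$SAMPLE_FSTAB" | audit_table
```

Run it as-is to see the two findings from the sample, or feed it a real fstab or the output of mount(8) reshaped into four columns. As the reply points out, a clean report only tells you the mounts are set as intended; it says nothing about what an attacker who already has root can remount.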