[880] in NetBSD-Development
Re: NetBSD configuration for dialup
daemon@ATHENA.MIT.EDU (Yoav Yerushalmi)
Fri Jul 21 17:48:57 1995
To: Sam Hartman <hartmans@MIT.EDU>
Cc: bug-dialup@MIT.EDU, pc-dialup@MIT.EDU
In-Reply-To: Your message of "Fri, 21 Jul 1995 17:37:35 EDT."
<199507212137.RAA16081@tertius.mit.edu>
Date: Fri, 21 Jul 1995 17:48:06 EDT
From: Yoav Yerushalmi <yoav@MIT.EDU>

(agree with the previous statements, but was wondering about the last three:

>* Consider adapting NetBSD AFS so that it can be linked into the
>Kernel instead of treated as a loadable kernel module and disable
>LKM's.

you could still load the module before it goes multi-user, and then
trust the OS not to allow LKM's in multi-user mode (which is what is
currently done, and is in theory secure). Putting AFS in the kernel
might be a lot more work, and I don't think jtkohl wants to do that..

>* Use immutable files where appropriate. Unfortunately, you'll have
>to take the dialup down into single user mode to change these; routine
>maintenance may make it difficult for some files like /.klogin to be
>immutable. You may also find append-only files useful.

how would this differ from mounting things like /usr or / read-only? (we'll
need /var writeable and such). I guess the only risk is if somebody gains root,
but if they can do that, we've already lost most of the security anyway..
I'm probably missing something.. so clue me in..

>* If physical access to upgrade the kernel isn't objectionable, then
>put the kernel on a write-protected floppy, set the CMOS to boot off a
>first, to avoid kernel tampering. Charles claims he could probably
>find a way around this if he were root, but I doubt many others could,
>especially since you cannot load stuff into kernel space or modify
>/dev/kmem or /dev/mem.

as you said, tampering with the kernel should be hard (harder than it is
under current dialups I believe), and noticeable, so it probably wouldn't
be too much of a worry, I doubt we would update the kernel on a regular basis
anyway, so checksums would notice changes on the on-disk version, while
the fact that the in-memory kernel can't be changed (I believe) would
protect us from that kind of attack..

comments?

-------------------------------------------------------
| Yoav Yerushalmi | My opinions are mine.. |
| M.I.T student at large | so back off!! |
| http://www.mit.edu:8001/people/yoav/homepage.html |
-------------------------------------------------------