[10940] in bugtraq
Re, Re: BSD-fileflags
daemon@ATHENA.MIT.EDU (stealth@DIONE.IDS.PL)
Mon Jul 5 15:18:11 1999
Message-Id: <199907042046.QAA12927@netspace.org>
Date: Sun, 4 Jul 1999 16:46:15 -0400
Reply-To: stealth@DIONE.IDS.PL
From: stealth@DIONE.IDS.PL
To: BUGTRAQ@NETSPACE.ORG
>I might add that to be able to unmount /usr, if that is indeed where
>/usr/bin/login is being run from, or any other filesystem for that
>matter, it needs to be totally unused. For this reason, I think you
>would be hard pressed to have /usr unmounted in a manner that would
>go undetected unless you were in single luser mode. Depending on
>what else runs on the system and how packages are installed, the
>same might be true for other file systems often used for installation
>of binaries (/usr/local). To give you some idea of the programs which
>would need to have been stopped before unmounting /usr are as follows:
>
>syslogd, update, cron, inetd, getty
>
>(according to NetBSD-1.4). That said, I do think that the claims made
>by the documentation for securelevel 1 are false and should instead
>mention something about changing file flags through "conventional means"
>with a more complete briefing available for securelevel 2.
Right. You will run in trouble if you try to umount /usr without
'preparing' the system for it. To do this you also have to link UZip statically
b/c libc is in /usr. This also means the other programs as syslogd etc.
Some of them (getty) will die without explicitly kill them.
Althought hard, it's not impossible and on my test system i was able to remove
an immutable /usr/bin/login _without_ booting into single user (why the hell 'user'
isn't it for root? :-) mode.
Regardless whats written in the README, you have to define FORCE_OR_NOT to
MNT_FORCE (not 1) if it should be done the 'umount -f' way, sorry.
Stealth
: ---- main(){fork();main();} ----
: Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
: Stealth <-> http://www.kalug.lug.net/stealth
