From nobody Fri Oct 27 02:34:28 2023
X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SGmvr6zMfz4xcFW
	for <freebsd-security@mlmmj.nyi.freebsd.org>; Fri, 27 Oct 2023 02:34:32 +0000 (UTC)
	(envelope-from void@f-m.fm)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4SGmvr0tszz4Sps
	for <freebsd-security@freebsd.org>; Fri, 27 Oct 2023 02:34:32 +0000 (UTC)
	(envelope-from void@f-m.fm)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=f-m.fm header.s=fm3 header.b=SNNAdpYX;
	dkim=pass header.d=messagingengine.com header.s=fm3 header.b="G Bl/9Pa";
	spf=pass (mx1.freebsd.org: domain of void@f-m.fm designates 66.111.4.26 as permitted sender) smtp.mailfrom=void@f-m.fm;
	dmarc=pass (policy=none) header.from=f-m.fm
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47])
	by mailout.nyi.internal (Postfix) with ESMTP id 2359B5C01EA
	for <freebsd-security@freebsd.org>; Thu, 26 Oct 2023 22:34:31 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
  by compute6.internal (MEProxy); Thu, 26 Oct 2023 22:34:31 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=f-m.fm; h=cc
	:content-transfer-encoding:content-type:content-type:date:date
	:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:sender:subject:subject:to:to; s=fm3; t=
	1698374071; x=1698460471; bh=AVuEh2Rm22+homMWkWUQcu4/7dz72SshYGG
	N757wV5s=; b=SNNAdpYXYRhy8TZ8LqB78gjA4Tb2XiEaY6iaKFiIW556qbZlWrF
	PPhHHBBubN3iWMZMRt2UeAFDMHnRd4LvXDZUA3gdMEX5aChASBwoPXVP2z7HHmYK
	KmEakQHjJbCpvD1HO64srgQwVyHoqJiM0y6XGu+jvN35UNw187Xa5t+qyScUXW6+
	6WNfjgoR8cAmrAvKWh/xDBCEiUY0rN5qXYIM4/kol8oqC7qM2TTn2KKDRIPxiqpy
	TOyDOwv1/53wEYLTk41MrzSDGzXWtpaPG3GW8/lAFHlzguEGlqd1Y74mirW+83KK
	a10rUGVYeANw+fQwX39SIdBlgxI9bYT11xA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:content-type
	:content-type:date:date:feedback-id:feedback-id:from:from
	:in-reply-to:in-reply-to:message-id:mime-version:references
	:reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1698374071; x=
	1698460471; bh=AVuEh2Rm22+homMWkWUQcu4/7dz72SshYGGN757wV5s=; b=G
	Bl/9PasVn8CJnGpkJsWix4jA2eqnPNwfKrZflUgDDJddkZLGBiebPKSLxKMoAge0
	ngffF2D3UFZdmYWaVR1NKn19RwcN3qYrYAKu8wPbTGIZVOyswEjg/bfab6NfdIc7
	5XldOCMFQ03DnnKYpdUbeUL/4CLzZO58ZXw8/0xlVdMLzqTvYTuOP0MFJXb0gQXX
	bu/GGzg8N3SnK0uwNnMF8NHWptxlgpyKtsnrJUy6dSvdBzob162oE2c5pXLgFWuE
	X7bXviI5XcgQj+/39YxrGnNHA8It+J18bKiqBb70tsib6bLmwQ4HHpZTxr//8wPn
	pH1V+1ZCv/1hEVtpRP0oQ==
X-ME-Sender: <xms:tiE7ZSI1s9kqNMiw_oxSPD8gukzUcEV2eV81wX8kwC_fCFkMOng5gw>
    <xme:tiE7ZaJHWHI5-Bk1KOE89tnbIchYxBIqs-ZIMiLfuwq7jXVfuxX7V1prdJMfl5vYc
    VpKHtKAJm2gPvFBfQ>
X-ME-Received: <xmr:tiE7ZStkqnz9IKovYRFWN4IBFs2jemmEq_e8VaUBXG5dnl9YMLZNn384mWHopBTs2z5HdnLoTrUiHh8fclmI-cTBSg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrleefgdeivdcutefuodetggdotefrodftvf
    curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
    uegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhfgggtugfgjgesthekre
    dttddtudenucfhrhhomhepvhhoihguuceovhhoihgusehfqdhmrdhfmheqnecuggftrfgr
    thhtvghrnhepkedvjeeitdejheekieekkeeiuddtffdvudetheevgeeijeehtdfffeegge
    ektdefnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhep
    vhhoihgusehfqdhmrdhfmh
X-ME-Proxy: <xmx:tyE7ZXa0EhEPWR3ak4lTIO_ADQwmyWq--1kqxs80mx-hJmmLDBkOAQ>
    <xmx:tyE7ZZaeJAAhhzQtoN0wKd_kbxQ32q8x_1FzqxWWH7g7_bjFLZZz8g>
    <xmx:tyE7ZTDmQL1LgTpjEioWOy-5uBhUeMUdzNklc-lMSF4BUwwWA4nYTA>
    <xmx:tyE7Zb0MDfouIkVhRlW_ZtKEe-DZEl1KIRsB_1kLjGWUTpW8IrT03w>
Feedback-ID: i2541463c:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <freebsd-security@freebsd.org>; Thu, 26 Oct 2023 22:34:30 -0400 (EDT)
Date: Fri, 27 Oct 2023 03:34:28 +0100
From: void <void@f-m.fm>
To: freebsd-security@freebsd.org
Subject: Re: securelevel 1
Message-ID: <ZTshtJvtxipTsf2B@int21h>
Mail-Followup-To: freebsd-security@freebsd.org
References: <ZTeaGFZjvcsKfbOW@int21h>
 <6638DADD-FCDB-492C-B1E8-441C6622038B@FreeBSD.org>
 <663fd243-94ec-40c1-ac66-ca8e3d5f278d@quip.cz>
 <35f733cc-a6c2-46a4-b564-b1ef87893fc5@app.fastmail.com>
 <86ttqd12y1.fsf@ltc.des.no>
List-Id: Security issues <freebsd-security.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-security
List-Help: <mailto:freebsd-security+help@freebsd.org>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Subscribe: <mailto:freebsd-security+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-security+unsubscribe@freebsd.org>
Sender: owner-freebsd-security@freebsd.org
X-BeenThere: freebsd-security@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <86ttqd12y1.fsf@ltc.des.no>
X-Spamd-Result: default: False [-3.78 / 15.00];
	DWL_DNSWL_LOW(-1.00)[messagingengine.com:dkim];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-0.999];
	MID_RHS_NOT_FQDN(0.50)[];
	DMARC_POLICY_ALLOW(-0.50)[f-m.fm,none];
	R_DKIM_ALLOW(-0.20)[f-m.fm:s=fm3,messagingengine.com:s=fm3];
	R_SPF_ALLOW(-0.20)[+ip4:66.111.4.26];
	RWL_MAILSPIKE_GOOD(-0.10)[66.111.4.26:from];
	MIME_GOOD(-0.10)[text/plain];
	RCVD_IN_DNSWL_LOW(-0.10)[66.111.4.26:from];
	NEURAL_HAM_SHORT(-0.08)[-0.079];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	FROM_HAS_DN(0.00)[];
	ARC_NA(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	ASN(0.00)[asn:19151, ipnet:66.111.4.0/24, country:US];
	RCVD_COUNT_THREE(0.00)[3];
	TO_DN_NONE(0.00)[];
	FREEMAIL_FROM(0.00)[f-m.fm];
	MLMMJ_DEST(0.00)[freebsd-security@freebsd.org];
	DKIM_TRACE(0.00)[f-m.fm:+,messagingengine.com:+];
	MIME_TRACE(0.00)[0:+];
	FROM_EQ_ENVFROM(0.00)[];
	FREEMAIL_ENVFROM(0.00)[f-m.fm];
	RCVD_VIA_SMTP_AUTH(0.00)[]
X-Rspamd-Queue-Id: 4SGmvr0tszz4Sps
X-Spamd-Bar: ---

On Thu, Oct 26, 2023 at 11:36:22PM +0200, Dag-Erling Smørgrav wrote:
>void <void@f-m.fm> writes:
>> In order to accomplish what I'd like, I understand that I'd need to set +schg
>> on the individual logs, then set the securelevel afterwards and reboot.
>
>If you set the log file +schg, it can't be written to at all.  That's
>obviously not what you want.

Yes, I'm sorry; I meant to type +sappnd

>If you set it +sappnd, it can be written to, and newsyslog will be able
>to rotate it; an attacker with superuser privileges will also be able to
>replace it with a doctored file.

Yes. But if sappend is set on the required files, and then securelevel=1
is set, then nothing can change the flag while the system is multiuser.
That is, if I'm understanding correctly?

So, on such a system, if I understand correctly, newsyslog would need 
to be turned off.

Am I correct in understanding that securelevel could be lowered to -1
while in single user mode (for eg the purposes of upgrading); one
would have to comment out the securelevel variables in rc.conf
before booting multiuser?

newsyslog could be run on that occasion, then securelevel set to 1
again.

>There is no way to allow one without the other.  The usual solution is
>to log to a remote machine.

That's planned. 
--