Question about securelevel
Ted Cabeen
secabeen at pobox.com
Thu Feb 19 13:28:55 PST 2004
Jim Zajkowski <jim at jimz.net> writes:
> On Feb 11, 2004, at 10:24 AM, roberto at redix.it wrote:
>
>> Yes I agree with you: a secure system should be read-only fs, but to
>> overcome the drawbacks of a CDROM, I can use a standard hard disk with a
>> read-only file system while securelevel==3. The writable file system
>> should be available in single user mode only on console.
>
> If I figure out how to make your filesystem remount read-write without
> a reboot, the game is over.

Setting all of the important files on the disk immutable will help a
fair bit too, but a true read-only medium is better.
--
Ted Cabeen http://www.pobox.com/~secabeen ted at impulse.net
Check Website or Keyserver for PGP/GPG Key BA0349D2 secabeen at pobox.com
"I have taken all knowledge to be my province." -F. Bacon secabeen at cabeen.org
"Human kind cannot bear very much reality."-T.S.Eliot cabeen at netcom.com
More information about the freebsd-security mailing list
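
As an added example (not part of the original message), this sh script audits the two measures mentioned in the thread: which important files lack the system-immutable `schg` flag, and which filesystems are not mounted read-only. The function names and the sample data are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Inputs are constructed samples; on a
# live FreeBSD host they would come from:
#   stat -f '%Sf %N' FILE...   (flag string and name per file)
#   mount -p                   (mounted filesystems in fstab format)

# Constructed sample: "<flags> <path>" per line, "-" meaning no flags.
SAMPLE_FLAGS='schg /sbin/init
- /etc/rc.conf
schg,sunlnk /bin/sh
uchg /usr/local/etc/sudoers'

# Constructed sample: device, mount point, type, options, dump, pass.
SAMPLE_MOUNTS='/dev/ad0s1a / ufs ro 1 1
/dev/ad0s1e /var ufs rw,noexec 2 2
/dev/ad0s1f /usr ufs ro,nosuid 2 2'

# Print paths whose flag list lacks schg (system immutable). uchg does not
# count: the file owner or root can clear it at any securelevel.
missing_schg() {
    awk '{
        flags = $1
        sub(/^[^ \t]+[ \t]+/, "")            # rest of the line is the path
        if (("," flags ",") !~ /,schg,/) print
    }'
}

# Print mount points whose option list does not contain "ro".
writable_mounts() {
    awk '$1 !~ /^#/ && NF >= 4 {
        n = split($4, opt, ","); ro = 0
        for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
        if (!ro) print $2
    }'
}

echo "Files without schg:"
printf '%s\n' "$SAMPLE_FLAGS" | missing_schg | sed 's/^/  /'
echo "Filesystems not mounted read-only:"
printf '%s\n' "$SAMPLE_MOUNTS" | writable_mounts | sed 's/^/  /'
```

The current securelevel itself can be read with `sysctl -n kern.securelevel`; a writable mount reported here is exactly the gap the quoted remount concern is about.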