Question about securelevel

Ted Cabeen secabeen at pobox.com
Thu Feb 19 13:28:55 PST 2004


Jim Zajkowski <jim at jimz.net> writes:

> On Feb 11, 2004, at 10:24 AM, roberto at redix.it wrote:
>
>> Yes I agree with you: a secure system should be read-only fs, but to
>> overcome the drawbacks of a CDROM, I can use a standard hard disk with a
>> read-only file system while securelevel==3. The writable file system
>> should be available in single user mode only on console.
>
> If I figure out how to make your filesystem remount read-write without
> a reboot, the game is over.

Setting all of the important files on the disk immutable will help a
fair bit too, but a true read-only medium is better.

-- 
Ted Cabeen           http://www.pobox.com/~secabeen            ted at impulse.net 
Check Website or Keyserver for PGP/GPG Key BA0349D2         secabeen at pobox.com
"I have taken all knowledge to be my province." -F. Bacon  secabeen at cabeen.org
"Human kind cannot bear very much reality."-T.S.Eliot        cabeen at netcom.com
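
An added example, not part of the original message: a way to audit which files still lack the system-immutable flag (`schg`) by reading FreeBSD `ls -lo` output, and to check whether the running securelevel keeps that flag from being cleared. The function names and the sample listing are constructed for illustration; the field positions assume the standard `ls -lo` layout, with flags in column 5.

```shell
#!/bin/sh
# Added example: audit for files missing the schg (system immutable) flag.

# Print the names of files whose `ls -lo` flags column does not contain schg.
# Input on stdin: mode links owner group flags size month day time name
missing_schg() {
    awk '
        NF >= 10 {
            # The flags column is "-" or a comma-separated list; match schg
            # as a whole item so uchg (user immutable) does not count.
            n = split($5, flags, ",")
            found = 0
            for (i = 1; i <= n; i++)
                if (flags[i] == "schg") found = 1
            if (!found) {
                # Rebuild the name from field 10 on, so a name containing
                # single spaces is printed whole.
                name = $10
                for (i = 11; i <= NF; i++) name = name " " $i
                print name
            }
        }
    '
}

# schg can be cleared by root while kern.securelevel is 0 or lower, so the
# flag only holds against root on a system running at level 1 or higher.
schg_enforced() {
    [ "$1" -ge 1 ]
}

# Constructed sample listing (not taken from a real host).
sample_listing() {
    cat <<'EOF'
-r-xr-xr-x  1 root  wheel  schg        1046872 Feb 19 13:28 /sbin/init
-r-xr-xr-x  1 root  wheel  -            161280 Feb 19 13:28 /bin/sh
-rw-r--r--  1 root  wheel  schg,nodump     418 Feb 19 13:28 /etc/rc.conf
-rw-r--r--  1 root  wheel  uchg           1203 Feb 19 13:28 /usr/local/etc/site rules.conf
EOF
}

# Demo on the constructed listing. On a live FreeBSD host, use instead:
#   ls -lo /sbin/init /bin/sh /etc/rc.conf | missing_schg
#   schg_enforced "$(sysctl -n kern.securelevel)" || echo "schg is clearable"
sample_listing | missing_schg
```

Files it reports are the ones an intruder with root could still modify even at a raised securelevel, which is the gap the immutable-flag suggestion is meant to close.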


More information about the freebsd-security mailing list