RE: Future Linux devel. Kernels

From: Jesse Pollard (pollard@tomcat.admin.navo.hpc.mil)
Date: Wed May 10 2000 - 15:03:41 EST


"Linda Walsh" <law@sgi.com>:
> > From: Igmar Palsenberg [mailto:maillist@chello.nl]
> >
> > > > You still need to kill the old one..
> > > ---
> > > Right now, if you have root, even w/o raw-io and ability to change
> > > cap-immutable, a killall -9 syslogd klogd usually does the trick.
> >
> > You could make klogd immutable.. But that's not always wanted behaviour.
> ---
> Immutable is an option on the ext2 filesystem. AFAIK, it isn't a
> process attribute. Making the file immutable doesn't prevent one from
> killing the process and starting a new one from the newly mounted file
> system. Another thing -- You also have to make /usr, /usr/bin and /usr/sbin
> immutable. Otherwise, I mount my badstuff in /tmp/mnt. Perform
> a tar copy of the /usr/bin and /usr/sbin dirs to /usr/newbin and /usr/newsbin.
> /bin/mv /usr/bin /usr/oldbin; /bin/mv /usr/newbin /usr/bin; rm -rf /usr/oldbin
> Now oldbin contains only the immutable files -- move that dir to
> /usr/insignificant-place/ w/filename '...'. Now I have an exact copy
> of /usr/bin locally, I copy my replacements from /tmp/mnt and restart the
> demons.
>
> Of course making /usr and /usr/bin and /usr/sbin immutable might
> provide some hindrance if you want to install a software package, but hey --
> I'm sure users won't mind being kicked off when a software patch comes
> in (a very rare occurrence, of course... ;-)).
>
> This is why 'MAC' is sooo sexy. With one feature you severely
> limit damage. Note that networking also comes in 2 flavors -- untrusted
> and trusted -- something like sshd might be suitable for an 'su to root', but
> rsh,rlogin/telnet may not be. Or those protocols may only be trusted in
> when coming in on a VPN with appropriate ssh-like-key based authentications
> that trusted computers use to talk to each other.

Even better are the optional security fields in IPSec. These allow a
system to identify the remote system as trusted/untrusted, and allow for
remote user identification, level, compartment, group, permissions ...
Even if these have to pass through a remote-to-local translation, these
allow a unified control over separate systems, even if they are mobile
systems. IPSec over an IP tunnel could be used to control privileges of
the remote user using a laptop. That can even be used to provide remote
system admin if necessary.
-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil

Any opinions expressed are solely my own.
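The quoted message makes the point that setting the ext2 immutable flag on a daemon binary is only useful if every parent directory up to / carries it too, since otherwise the directory can simply be renamed out from under the immutable file. The following is an added example (not part of the original thread, and not anyone's code from the list) of a defensive check for exactly that: it walks from a path up to / and reports any component that is not flagged immutable. The lsattr line format assumed ("<flags> <path>", with the 'i' character meaning immutable) is that of e2fsprogs' lsattr; the listing embedded below is constructed sample data, not output captured from a real system.

```shell
#!/bin/sh
# Added example: verify that a file AND all of its parent directories carry
# the ext2 immutable flag ('i' in lsattr output). A file that is immutable
# inside a directory that is not can still be displaced by renaming the
# directory, which is the weakness discussed in the thread.
#
# Listing lines are assumed to look like lsattr output: "<flags> <path>".
# SAMPLE_LISTING is constructed sample data, not real system output.

SAMPLE_LISTING='----i--------e-- /usr/sbin/klogd
----i--------e-- /usr/sbin
-------------e-- /usr
-------------e-- /'

# Return 0 if an lsattr-style line (or bare flags field) has the 'i' flag.
has_immutable_flag() {
    flags=${1%% *}          # keep only the flags field before the first space
    case "$flags" in
        *i*) return 0 ;;    # lowercase 'i' is the immutable attribute
        *)   return 1 ;;
    esac
}

# Print the path itself, then each parent directory, ending with /.
ancestors() {
    p=$1
    while [ -n "$p" ] && [ "$p" != "/" ]; do
        printf '%s\n' "$p"
        p=${p%/*}           # strip the last path component
    done
    printf '/\n'
}

# Print the flags field of the listing line whose path equals $1.
flags_for() {
    printf '%s\n' "$2" | while read -r flags path; do
        if [ "$path" = "$1" ]; then
            printf '%s\n' "$flags"
        fi
    done
}

# Print every component of the chain that lacks the immutable flag (or is
# missing from the listing altogether). Exit 0 only if the whole chain is
# protected.
unprotected_in_chain() {
    target=$1
    listing=$2
    found=$(ancestors "$target" | while read -r p; do
        flags=$(flags_for "$p" "$listing")
        if [ -z "$flags" ] || ! has_immutable_flag "$flags"; then
            printf '%s\n' "$p"
        fi
    done)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
    fi
    [ -z "$found" ]
}

# Build a real listing for a path on the current host with 'lsattr -d'
# (available where e2fsprogs is installed); falls back to empty output.
live_listing() {
    if command -v lsattr >/dev/null 2>&1; then
        ancestors "$1" | while read -r p; do
            lsattr -d -- "$p" 2>/dev/null
        done
    fi
}

# Stand-alone demonstration against the constructed listing.
if unprotected_in_chain /usr/sbin/klogd "$SAMPLE_LISTING" >/tmp/immutable_check.$$; then
    echo "chain fully immutable"
else
    echo "NOT protected (renaming these defeats the immutable binary):"
    cat /tmp/immutable_check.$$
fi
rm -f /tmp/immutable_check.$$
```

Against the sample listing the check reports /usr and /, which is precisely the gap the quoted message describes: klogd and /usr/sbin are immutable, but /usr itself is not. To run it against a live host, replace SAMPLE_LISTING with the output of live_listing for the binary of interest; note that the check only covers the ext2/ext3-style immutable attribute and says nothing about a replacement filesystem being mounted over the directory.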
