Re: permissions

[rik.harris () vifp monash edu au (rik.harris () vifp monash edu au)]

Tue, 17 May 1994 GMT, Daniel Azuelos wrote:

> Talking of standard fprobihitilssions at the file-system level:
>
> | > /         rw,nosuid
> | > /usr              ro
> | > /var              rw,nosuid
> | > /home             rw,nosuid
> | > /tmp              rw,nosuid
> | > /usr/local        ro
> | 
> | excellent thinking. Does anyone have any problems with this philosophy?
> | I noticed some systems around here with /sbin/su and /sbin/sulogin.
> | These would be disabled if the above conditions were met.
> | Is this a problem? Anything else break?
>
> I'm personnally using this strategy since SunOS 3.5.2. I've been
> using it for nearly 5 years now, without any problem.
>
> I've never tried to install anything under /usr, for example, in
> place of the standard /usr/local, I'd advise to use a /local.
>
> With this method, tempering with standard binaries or installing
> a setuid file couldn't be done without rebooting the system.

If our hypothetical hacker has root, then mounting file systems
read-only is not going to make much difference.  In some cases the
file systems can be umounted, and remounted with rw.  In other cases,
I'm sure patching the running kernel could convince it to be writable,
or at the very least, modifying the raw device file.  The only really
safe way to do this is physical write-protection.

> And long before Sun gave that possibility at the PROM level, there
> are easy methods to make any reboot of a system very hard, even to
> someone having a physical access to the keyboard.

This is a nice feature, we use it in several places.

rik.
--
The Fulcrum Consulting Group                                           o
------------------------------------------------------------------------------
Rik Harris - rik.harris () fulcrum com au   +61 3 621-2100 (BH)       /\
12th Floor, 10-16 Queen St. Melbourne VIC 3000.  +61 3 621-2724 (Fax)