[nycbug-talk] security advisory
Thu Jan 19 16:40:44 EST 2006
On Thu, 19 Jan 2006, Ray Lai wrote:
> On Thu, Jan 19, 2006 at 03:46:44PM -0500, Charles Sprickman wrote:
>> On Thu, 19 Jan 2006, Isaac Levy wrote:
>>> On Jan 19, 2006, at 3:10 PM, Charles Sprickman wrote:
>>>> I'm logging into all my jail boxes and running "chflags -R noschg /",
>>>> since securelevels are now officially useless.
>>>> Onion, shmonion!
>> I'm just having fun with Theo's "securelevels are useless" response. They
>> may not be a perfect solution, but to just discard the whole idea (flaws
>> and all), you lose a layer of security. Layers are good.
> Securelevels are not file flags.
But file flags aren't much fun if you can change a file from "schg" to
"noschg", and without securelevels, you can do that.
root@jailhost[/jails/jail1/etc]# chflags schg login.conf.db
root@jail1[/etc]# id
uid=0(root) gid=0(wheel) groups=0(wheel), 5(operator)
root@jail1[/etc]# cp /tmp/login.conf.db login.conf.db
cp: login.conf.db: Operation not permitted
root@jail1[/etc]# chflags noschg login.conf.db
chflags: login.conf.db: Operation not permitted
While this is some jail trickery that's emulating securelevel file flag
behaviour in the jail, it illustrates a use that I feel at least helps
make the barrier to entry for an attacker a little higher.
Additionally, setting the schg on a directory seems to stop someone from
layering something on top of it:
root@jailhost[/jails/jail1/etc/pam.d]# chflags schg .
root@jail1[/etc]# mkdir /tmp/pam.d
root@jail1[/etc]# touch /tmp/pam.d/sshd
root@jail1[/etc]# mount_nullfs /tmp/pam.d pam.d
mount_nullfs: Operation not permitted
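
Added example, not part of the original message: a small audit of the layering discussed above, reporting files that lack schg and a host securelevel below 1 (the level at which schg can no longer be cleared). The function name and sample listing are constructed; it assumes FreeBSD `ls -lo` output, where the flags are the 5th column, and file names without spaces.

```shell
#!/bin/sh
# Added example: check that files meant to be immutable carry schg, and that
# the securelevel keeps the flag from being cleared again.
# Live use on a FreeBSD host (assumed invocation):
#   ls -lo /jails/jail1/etc/login.conf.db | audit_schg "$(sysctl -n kern.securelevel)"

# audit_schg SECURELEVEL   (reads `ls -lo` lines on stdin)
# Prints one finding per line, or "OK" when nothing is wrong.
audit_schg() {
    awk -v level="$1" '
        NF < 10 { next }                 # skip "total N" and blank lines
        {
            # Flags are comma separated ("schg,uarch") or "-" when unset.
            n = split($5, f, ",")
            has = 0
            for (i = 1; i <= n; i++) if (f[i] == "schg") has = 1
            if (!has) { print "MISSING schg: " $NF; bad++ }
        }
        END {
            # Below securelevel 1 the flag is only advisory for host root.
            if (level + 0 < 1) {
                print "WEAK securelevel=" level ": schg can be cleared by host root"
                bad++
            }
            if (!bad) print "OK"
        }'
}

# Constructed sample listing (not taken from a real system).
SAMPLE_LS='total 96
-r--r--r--  1 root  wheel  schg 40960 Jan 19 16:00 login.conf.db
-rw-r--r--  1 root  wheel  -      2300 Jan 19 16:00 sshd
-rw-r--r--  1 root  wheel  schg,uarch 2300 Jan 19 16:00 passwd'

printf '%s\n' "$SAMPLE_LS" | audit_schg 1
```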