[nycbug-talk] security advisory

Isaac Levy ike
Thu Jan 19 17:29:22 EST 2006


On Jan 19, 2006, at 4:40 PM, Charles Sprickman wrote:

> On Thu, 19 Jan 2006, Ray Lai wrote:
>
>> On Thu, Jan 19, 2006 at 03:46:44PM -0500, Charles Sprickman wrote:
>>> On Thu, 19 Jan 2006, Isaac Levy wrote:
>>>> On Jan 19, 2006, at 3:10 PM, Charles Sprickman wrote:
>>>>> I'm logging into all my jail boxes and running "chflags -R noschg /",
>>>>> since securelevels are now officially useless.
>>>>>
>>>>> Onion, shmonion!
>>>
>>> I'm just having fun with Theo's "securelevels are useless" response.
>>> They may not be a perfect solution, but to just discard the whole idea
>>> (flaws and all), you lose a layer of security.  Layers are good.
>>
>> Securelevels are not file flags.
>
> But file flags aren't much fun if you can change a file from "schg"  
> to "noschg", and without securelevels, you can do that.
>
> An example:
>
> root at jailhost[/jails/jail1/etc]# chflags schg login.conf.db
>
> root at jail1[/etc]# id
> uid=0(root) gid=0(wheel) groups=0(wheel), 5(operator)
>
> root at jail1[/etc]# cp /tmp/login.conf.db login.conf.db
> cp: login.conf.db: Operation not permitted
>
> root at jail1[/etc]# chflags noschg login.conf.db
> chflags: login.conf.db: Operation not permitted
>
> While this is some jail trickery that's emulating securelevel file  
> flag behaviour in the jail, it illustrates a use that I feel at  
> least helps make the barrier to entry for an attacker a little higher.
>
> Additionally, setting the schg on a directory seems to stop someone  
> from layering something on top of it:
>
> root at jailhost[/jails/jail1/etc/pam.d]# chflags schg .
>
> root at jail1[/etc]# mkdir /tmp/pam.d
> root at jail1[/etc]# touch /tmp/pam.d/sshd
> root at jail1[/etc]# mount_nullfs /tmp/pam.d pam.d
> mount_nullfs: Operation not permitted
>
> Charles

Well 3 cheers to Charles for actually taking time to test and provide  
some examples!

Rocket-
.ike
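
Added example, not part of the original thread: a small audit helper for the behaviour Charles demonstrates, classifying each entry of a FreeBSD `ls -lo` listing by whether root could clear its schg flag. The function name, the state labels and the sample listing are constructed for illustration; the "jailed" argument models the jail behaviour shown in the quoted session.

```shell
#!/bin/sh
# schg_audit SECURELEVEL JAILED   (reads FreeBSD `ls -lo` lines on stdin)
#   SECURELEVEL: output of `sysctl -n kern.securelevel`
#   JAILED:      1 if the root in question is inside a jail that may not
#                change system flags (the case in the quoted session), else 0
# Prints "<state> <name>" per entry:
#   unflagged  no schg flag set
#   clearable  schg set, but root can remove it with `chflags noschg`
#   locked     schg set and root cannot remove it
schg_audit() {
    awk -v lvl="$1" -v jailed="$2" '
        NF < 10 { next }                  # skip "total N" and short lines
        {
            has = 0
            n = split($5, f, ",")         # column 5 of ls -lo is the flag list
            for (i = 1; i <= n; i++) if (f[i] == "schg") has = 1
            if (!has)                                state = "unflagged"
            else if (lvl + 0 >= 1 || jailed + 0 == 1) state = "locked"
            else                                     state = "clearable"
            print state, $NF
        }'
}

# Constructed sample of `ls -lo /etc` output (not captured from a real host).
sample_listing() {
cat <<'EOF'
total 96
-r--r--r--  1 root  wheel  schg 40960 Jan 19 16:00 login.conf.db
-rw-r--r--  1 root  wheel  -     2071 Jan 19 16:00 hosts
drwxr-xr-x  2 root  wheel  schg   512 Jan 19 16:00 pam.d
EOF
}

# Host root at securelevel -1: the flags are only a speed bump.
sample_listing | schg_audit -1 0

# Live use on a FreeBSD host:
#   ls -lo /etc | schg_audit "$(sysctl -n kern.securelevel)" 0
```
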

