Re: Another place for securelevel?

Cees de Groot (C.deGroot@inter.nl.net)
Tue, 27 Feb 1996 19:15:43 +0100


>
> I don't think this is a good idea. There might be valid reasons for
> changing firewall rules while the system is running. One of them is
> to change your firewall rules during working (office) hours. Or you
> might temporarily add some permissions, e.g., for a PPP connection
> that has permissions depending on the person that just logged in.
>
I realize that. I didn't want to elaborate on the idea, because I wanted some
basic reactions. And my current init doesn't raise securelevel anyway :-).

> Besides that, as long as root can add (alias) interfaces (ok, you don't
> need to include this in your kernel), can change routing tables, can
> write to /dev/kmem, etc., changing firewall rules is not the biggest
> problem we have when someone broke in as root. :-)
>
These are all points to be evaluated. The basic reason behind my posting is
that there should be a broader usage for securelevel than just freezing parts
of the filesystem; especially for dedicated routers (where nothing much is
changed) it would be a good add-on to have this (so block ifconfig, the
routing table, and why should anybody be able to write to /dev/kmem in the
first place?). With such mechanisms in place, you should be able to put a lot
more trust into your Linux firewall...

-- 
Cees de Groot                                        <C.deGroot@inter.NL.net>
OpenLink Software, Inc.