Re: Why can't OpenBSD's securelevels be saved?! - BSD


Thread: Re: Why can't OpenBSD's securelevels be saved?!

  1. Re: Why can't OpenBSD's securelevels be saved?!

    Anonyma wrote:

    > Anonyma wrote:
    >> *** Also notice that NetBSD was found to be immune to the problems.

    > Manuel wrote:
    >> http://archives.neohapsis.com/archiv...6-01/1914.html
    >> "This was fixed in, for instance, NetBSD by disallowing mounts;"

    >
    > Simple, yes. And NetBSD's reputation increased favorably as a result
    > of THEIR proactive solution to the problem.
    > ...while OpenBSD's reputation, and its perception by the public generally,
    > suffered.
    >
    > NetBSD 1
    > OpenBSD 0


    Joachim Schipper wrote:

    > While those of us who actually knew what we were doing were astounded
    > that people who had apparently failed to RTFM made such a stink about
    > it.
    >
    > Can we drop this topic now, please?
    >
    > Joachim

    I think I am aware of some of what you allude to, Joachim.


    The problem I see is twofold:


    1) I have affinity for the concept of securelevels. I feel that securelevels
    do offer some level of additional protection against subversion. I feel that
    securelevels should be maintained and improved. I do not feel that securelevels
    should be removed from OpenBSD; this would create a vacuum to some extent, IMO.


    2) As Theo is project leader (and, judging from the quality of the OS, a very good one),
    and as I take him at his word and believe that he means what he says, I can only
    assume that the OpenBSD project has no intention to maintain or improve securelevels.
    As securelevels are still within the OpenBSD kernel and enabled on default installs,
    some users would be expected to use them and rely on them for some level of protection.
    I do believe that some man pages, such as those for securelevels and chflags, are inaccurate
    or misleading. To a certain extent this was known over one year ago. How can the project
    expect to have it both ways, saying that securelevels are defective and that it has no
    intention to maintain or improve them, while at the same time not removing securelevels from
    OpenBSD and also not updating the relevant man pages to warn users of all of the known
    defects affecting securelevels? There can be no security through obscurity indefinitely.
    And yes, it does bother me that other OpenBSD users who do "RTFM" are being ill-informed
    and let down. The position is untenable. It is my sincerest hope that the project will
    choose to keep and improve securelevels by some clever means. As a user, I think the concept
    of having them and the case for keeping them is sound.


    With relation to your "stink", I was dismayed when I initially read of the exploit. I have known of
    the issue for a long time now. I was truly disheartened when I read OpenBSD's official reply. I cannot
    imagine any useful reason for a reply such as was given, and I have an active imagination. Surely a "we
    will study the issues and consider modifications" would have been an ideal response.


    Best Regards, An Odd User.


  2. Re: Why can't OpenBSD's securelevels be saved?!

    Anonymous wrote:
    > Joachim Schipper wrote:
    >> [T]hose of us who actually knew what we were doing were astounded
    >> that people who had apparently failed to RTFM made such a stink about
    >> it.
    >>
    >> Can we drop this topic now, please?
    >
    > I think I am aware of some of what you allude to, Joachim.


    That does not seem to be the case. I snipped whatever I thought was
    irrelevant.

    > The problem I see is twofold:


    > 2) As securelevels are still within the OpenBSD kernel and enabled on
    > default installs, some users would be expected to use them and rely on
    > them for some level of protection. I do believe that some man pages
    > such as those for securelevels and chflags are inaccurate or
    > misleading. To a certain extent this was known over one year ago. How
    > can the project expect to have it both ways, saying that securelevels
    > are defective and that it has no intention to maintain or improve them
    > while at the same time not removing securelevels from OpenBSD and also
    > not updating the relevant man pages to warn users of all of the known
    > defects affecting securelevels?


    Securelevel 1 is useful and works correctly (i.e., adds a few basic
    protections without troubling general system use), and it is this which
    is used 'on default installs'. I do not believe this will be removed at
    any point in the foreseeable future. However, neither securelevel 1 nor
    securelevel 2 is a complete system lockdown, which seems to be what some
    people intend it to be.

    The securelevel(7) man page is quite precise in enumerating the
    protections afforded, and does quite clearly not mention disallowing
    mounts. Really, I read it about 6 months before the whole affair, and
    immediately understood this limitation. Which is where the "failed to
    RTFM" comment, above, comes from.

    > With relation to your "stink", I was dismayed when I initially read
    > of the exploit. (...) I was truly disheartened when I read OpenBSD's
    > official reply. (...) Surely a "we will study the issues and consider
    > modifications" would have been an ideal response.


    Surely, 'securelevels don't work for what you want them to do, anyway'
    is a much more clear response.

    On a side note, would it be asking too much to
    1. Use only one account
    2. Use proper formatting (what's with all the *** lately?)
    3. Actually limit yourself to 72 columns
    4. Produce some diffs (adding a sys.allow_mounts sysctl shouldn't be
    that difficult, even if it's not particularly useful), or shut up?

    Joachim
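Joachim's point above is that securelevel 1 keeps schg/sappnd flags from being cleared but says nothing about what gets mounted over the directories holding those files. As an added example (not code from this thread, from OpenBSD, or from either poster), the following Python audit reads constructed `sysctl kern.securelevel`, `mount` and /etc/fstab output and reports any mount point not declared in fstab together with the immutable files that now sit beneath it; the device names, mount points and immutable paths are all made up for the demonstration.

```python
import re
# Constructed sample input in the formats of OpenBSD's `sysctl kern.securelevel`,
# `mount` and /etc/fstab; not captured from a real host.
SYSCTL_OUT = "kern.securelevel=1\n"
MOUNT_OUT = """\
/dev/wd0a on / type ffs (local)
/dev/wd0d on /usr type ffs (local, nodev)
/dev/wd0e on /var type ffs (local, nodev, nosuid)
/dev/sd0a on /etc type ffs (local)
"""
FSTAB = """\
# device   mountpoint  fstype  options  dump  pass
/dev/wd0a  /     ffs  rw  1  1
/dev/wd0d  /usr  ffs  rw,nodev  1  2
/dev/wd0e  /var  ffs  rw,nodev,nosuid  1  2
"""
# Paths the administrator marked schg (hypothetical list); securelevel >= 1 keeps
# the flag from being cleared but places no restriction on mounts above them.
IMMUTABLE = ["/etc/rc.securelevel", "/etc/pf.conf", "/usr/bin/login"]

def parse_securelevel(text):
    m = re.search(r"^kern\.securelevel=(-?\d+)", text, re.M)
    return int(m.group(1))

def parse_mounts(text):
    """Return {mountpoint: device} from `mount` output."""
    mounts = {}
    for line in text.splitlines():
        m = re.match(r"^(\S+) on (\S+) type ", line)
        if m:
            mounts[m.group(2)] = m.group(1)
    return mounts

def parse_fstab(text):
    """Mount points an administrator declared; comments and blanks skipped."""
    fields = (line.split() for line in text.splitlines())
    return {f[1] for f in fields if len(f) > 1 and not f[0].startswith("#")}

def undeclared_mounts(mounts, declared):
    return {mp: dev for mp, dev in mounts.items() if mp not in declared}

def shadowed_files(paths, undeclared):
    """Immutable paths that now resolve inside a filesystem nobody declared."""
    return [(p, mp) for p in paths for mp in undeclared
            if p == mp or p.startswith(mp.rstrip("/") + "/")]

def audit():
    level = parse_securelevel(SYSCTL_OUT)
    undeclared = undeclared_mounts(parse_mounts(MOUNT_OUT), parse_fstab(FSTAB))
    return level, undeclared, shadowed_files(IMMUTABLE, undeclared)
```

On a live host, feed it the real command output instead of the constants; a non-empty third element of `audit()` means an immutable file is being served from a filesystem fstab never mentioned, which securelevel alone will not report.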