Sunday, March 24, 2024

securelevel=2 and mount hardening

I am curious to hear peoples thoughts on adding some mount(2)
hardening when the system is running at securelevel 2. Specifically:

* do not allow removing MT_NODEV, MT_NOEXEC, MT_NOSUID,
or MT_RDONLY in conjunction with MNT_UPDATE

* do not allow MNT_WXALLOWED in conjunction with
MNT_UPDATE

Currently, if someone does manage to get a root toehold on a host,
they can remove noexec from /tmp as a possible springboard to upload
nasties, and then change /usr from read-only to read-write and
scribble all over your binaries.

This somewhat follows from how securelevel 1 removes the ability
to muck with the immutable and append only bits on files.

--lyndon

No comments:

Post a Comment