Re: REČ: FreeBSD isdangerous!

From: Joshua Tinnin (krinklyfig_at_spymac.com)
Date: 02/08/05

  • Next message: Randy Pratt: "Re: Creating an INDEX file for local tbz packages" 
    To: freebsd-newbies@freebsd.org
Date: Mon, 7 Feb 2005 15:19:13 -0800

    On Monday 07 February 2005 02:37 pm, Fabrice <FabriceMarchant@free.fr>
    wrote:
    > >> I installed FreeBSD 5.3.
    > >> When I mount_ext2fs my Linux partitions on the same computer,
    > >> FreeBSD give me access to them in R/WRITE mode without needing any
    > >> password
    >
    > ImobachGonzalez Sosa replied to me :
    > >What's wrong with that?
    >
    > Anybody with a FreeBSD install CD can modify my beloved data I store
    > in my debian Linux partitions.
    > Of course with a Linux rescue floppy is it possible to behave same
    > naughty way...
    > But, as I told to Joshua Tinnin :
    > "If I remember when I mounted a Linux partition - for example a
    > Debian one - on the ext2/3 filesystem of another Linux or Knoppix, it
    > was only possible to read, not to write on it. But a vfat filesystem
    > could be mounted on R/W mode."

    Yes, I didn't mean to be snide when I responded, just a bit sarcastic.
    The problem isn't specific to FreeBSD. Physical security is on a
    different level. If someone has access to the physical box, there's not
    a lot you can do to prevent them from removing the HDD or the box
    itself, other than physical measures like locks. This isn't to say
    there is no other way to do this. I suggest that if mounting a
    partition from another fs is a security problem in your particular
    setup, and the users on your system have authority to mount
    filesystems, you might want to consider encrypting the sensitive data,
    or even the entire partition. Someone who has authority could still
    mount it, but they couldn't read it.

    > albi wrote :
    > > if you mount FreeBSD from Linux, it will only mount it read-only,
    > > does that make Linux less dangerous ? ;-)
    >
    > I do not have tested cos I'm not able up to now to mount the FreeBSD
    > filesystem (UFS ?) on my Debian Linux. I asked how to perform this on
    > the french Linux Forum Léa-Linux
    >
    > http://lea-linux.org/pho/
    >
    > but nobody helped me about this... Please Albi, can you explain to me
    > how to mount the FreeBSD partition on my ext2 or 3 filesystems ?

    You can mount UFS from Linux, but that's more of a Linux question
    anyway. I don't know the specific commands to do this, but it shouldn't
    be a whole lot different than other mount commands. Since this list
    isn't a tech help list, you might try -questions, but some people may
    also tell you that it's a Linux question. However, some quick searching
    reveals that ufs filesystems can be mounted read/write with the 2.6
    kernel (maybe 2.1 and up) with something as simple as:

    mount -t ufs /dev/hda1 /mnt

    > > this behavior is pretty normal, from a Linux or FreeBSD
    > > installation you can easily mount a FAT-partition read/write on the
    > > same machine
    >
    > Yes, Linux do this with FAT but that doesn't hurt me because I
    > couldn't care less than Micro$oft vfat...
    >
    > > if you're interested in security maybe this webpage is interesting
    > > to read :
    > > http://www.defcon1.org/html/Security/Secure-Guide/secure-guide.html
    >
    > Thank you Albi ! I've a lot to learn about security.

    Well, again, once someone can mount stuff from the machine that you
    would rather they didn't, your options come down to encryption and
    physical security (AFAIK - I am no expert). You can designate what
    should(n't) be mounted in /etc/fstab, but of course this assumes you
    have control over that aspect of the system while other users do not.
    You can set user-level restrictions that should prevent this problem. A
    restricted user can't mount anything anyway.

    - jt
    _______________________________________________
    freebsd-newbies@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-newbies
    To unsubscribe, send any mail to "freebsd-newbies-unsubscribe@freebsd.org"

  • Next message: Randy Pratt: "Re: Creating an INDEX file for local tbz packages"

    Relevant Pages

    • Re: FREEBSD or LINUX
      ... wheather FreeBSD is better than linux? ... (i still use winxp for my personal desktop - *taki runs and hides from ... security - firewalls, VPN sevrer, e.t.c.. ...
      (comp.os.linux.security)
    • Re: Help, renamed fstab --> fstab.bak
      ... >>error messages and mount refused. ... > them on FreeBSD you have a different, and more serious, problem. ... > If you disregard download costs, which for many end-users are not free, ... linux Is Not The Same. ...
      (comp.unix.bsd.freebsd.misc)
    • Re: Mounting two different disk slices on the same mount point
      ... > two to a single mount point. ... If you try mounting two partitions ... What I think your Linux using friends were thinking of, ... Under FreeBSD, you could use vinumto create a concat volume from ...
      (freebsd-questions)
    • Re: best distro for security
      ... Of course it is similar to Linux as it is ... the statement that BSD's are better (security wise) more than once. ... I am also aware that some people make the point that FreeBSD releases ... FreeBSD and OpenBSD I have settled on Arch Linux as my permanent home. ...
      (comp.os.linux.security)
    • REČ: FreeBSD is dangerous!
      ... Anybody with a FreeBSD install CD can modify my beloved data I store in my ... Of course with a Linux rescue floppy is it possible to behave same naughty ... "If I remember when I mounted a Linux partition - for example a Debian one - ... > if you mount FreeBSD from Linux, it will only mount it read-only, does ...
      (freebsd-newbies)