On Mon, Jul 03, 2006 at 05:25:31PM -0700, c.s.r.c.murthy wrote:
> Hi,
> We have configured a firewall with pf on openbsd-3.9. It is found that 
> ftp-proxy is unable to operate when system is put in secure level 2. 
> This is due to the fact that ftp-proxy can't add/delete rules in pf in 
> secure level 2. But for security reasons we would like to have the 
> system running in secure level 2. Is there a solution to have the 
> ftp-proxy working in secure level 2?

Camiel already pointed out that the answer is no.

As to securelevels, they are officially considered broken (which caused
quite a bit of a stir here on misc@). One obvious vulnerability is that
mounting stuff is still possible, and thus, what any filename points to
can be altered, even if the inode it originally pointed to has
restrictive flags set.

Plus, a quick look at securelevel(7) does not give any obvious benefit
for a firewall, except locking the pf rules - which doesn't work with
ftp-proxy, as you noted.

Some alternatives to ftp-proxy exist, like the pre-3.8 ftp-proxy and a
program called ftpsesame (sp?) that I know very little about. Both would
be able to work without changing pf rules from userspace, I believe - of
course, this also means they are quite a bit slower.

                Joachim
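For readers unfamiliar with why ftp-proxy and securelevel 2 conflict, here is an added illustration (not part of the original thread) of the static pf.conf fragment that the 3.8+ ftp-proxy relies on. The interface and network names ($int_if, $int_net) are assumed placeholders; the anchor names and the 127.0.0.1 port 8021 redirect follow the ftp-proxy(8) setup of that era. The anchors themselves stay empty in the file: ftp-proxy fills them with per-session rdr and pass rules at runtime via the pf device, and that is exactly the operation securelevel 2 refuses.

```pf
# Assumed placeholders for this example; replace with real interface and network.
int_if  = "fxp0"
int_net = "192.168.1.0/24"

# Static part of the ruleset, loaded once by pfctl at boot (allowed before
# the securelevel is raised).

# Anchors that ftp-proxy populates dynamically, one rule set per FTP session.
# With kern.securelevel=2 these inserts fail, so ftp-proxy cannot set up the
# data connections and the proxy is effectively broken.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# Send the clients' FTP control connections to the locally running ftp-proxy.
rdr pass on $int_if proto tcp from $int_net to any port 21 -> 127.0.0.1 port 8021

# Loads the filter rules ftp-proxy adds for the negotiated data ports.
anchor "ftp-proxy/*"

# Default deny for everything else; the anchors above are the only place
# rules change after the ruleset is locked.
block all
pass out on $int_if proto tcp from $int_net to any port 21 keep state
```

The point to take from this is that the conflict is structural rather than a configuration bug: any proxy that works by editing the live ruleset needs a writable pf, so raising the securelevel to 2 and keeping this ftp-proxy are mutually exclusive, as Joachim says. A proxy that tracks the data channel entirely in userspace (the pre-3.8 ftp-proxy he mentions) needs no anchors and therefore survives the lock, at the cost of relaying every data byte itself.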
