Re: weird /etc/fstab problem
/ is rw - read-write not ro

Tobias Weisserth wrote:
> Hi everybody,
>
> I have set up an old Pentium with OpenBSD 3.9 to do some basic filtering
> and NAT at my parents' place after a Smoothwall installation I did some
> two years ago got rooted recently.
>
> Everything works just fine, except I have a problem with mounting
> partitions from /etc/fstab that I don't understand.
>
> This is what my /etc/fstab looks like at the moment:
>
> /dev/wd0a / ffs ro 1 1
> /dev/wd0g /home ffs rw,nodev,noexec,nosuid 1 2
> /dev/wd0f /tmp ffs rw,nodev,noexec,nosuid 1 2
> /dev/wd0d /usr ffs rw,nodev 1 2
> /dev/wd0e /var ffs rw,nodev,noexec,nosuid 1 2
>
> After I boot the machine, mount -v outputs this:
>
> /dev/wd0a on / type ffs (rw, local, ctime=Sun Oct 29 11:04:57 2006)
> /dev/wd0g on /home type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
> /dev/wd0f on /tmp type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
> /dev/wd0d on /usr type ffs (rw, local, nodev, ctime=Sun Oct 29 11:04:57 2006)
> /dev/wd0e on /var type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
>
> Why is / not mounted read-only? Is it because the system needs it to be
> writable during system startup? Do I have to remount it ro after booting?
>
> Thanks for your help,
> Tobias W.
Re: weird /etc/fstab problem
Sorry, hangover, problems with reading and understanding :)
Re: weird /etc/fstab problem
On 10/29/06, Edgars [EMAIL PROTECTED] wrote:
> Tobias Weisserth wrote:
>> Why is / not mounted read-only? Is it because the system needs it to be
>> writable during system startup? Do I have to remount it ro after booting?
>
> / is rw - read-write not ro

In other words: yes. The operation of mounting requires you to be able to write to the filesystem you are mounting on to (at least, that's how my intuition tells me it should work; otherwise an attacker with mount might be able to overload the mounted filesystems on a read-only filesystem, defeating the purpose of the read-only).

I believe just rerunning mount with different options on the already-mounted fs will do it, right?

-Nick
Re: weird /etc/fstab problem
On 2006/10/29 11:38, Tobias Weisserth wrote:
> Why is / not mounted read-only?

vi +/uw /etc/rc

if you change this, you'll probably want writable /dev: you can include an mfs partition in /etc/fstab and use the -p option to copy the files if you like.
Re: weird /etc/fstab problem
On 2006/10/29 06:23, Nick Guenther wrote:
> In other words: yes. The operation of mounting requires you to be able
> to write to the filesystem you are mounting on to

I admin a number of boxes that disprove this theory (-:

> (at least, that's how my intuition tells me it should work; otherwise an
> attacker with mount might be able to overload the mounted filesystems on
> a read-only filesystem, defeating the purpose of the read-only)
>
> I believe just rerunning mount with different options on the
> already-mounted fs will do it, right?

think about what you're saying here: if it's possible to remount (which it is), an attacker with mount(8) can defeat RO anyway (and of course they could mount a new /usr/bin or whatever over the top of the existing one).

# mount -uw /
# mount -ur /
Re: weird /etc/fstab problem
Hi,

On Oct 29, 2006, at 12:27 PM, Stuart Henderson wrote:
> vi +/uw /etc/rc

This is exactly what I was looking for. Thanks for the hint. I'll give it a try.

regards,
Tobias W.
Re: weird /etc/fstab problem
On 10/29/06, Stuart Henderson [EMAIL PROTECTED] wrote:
> think about what you're saying here: if it's possible to remount (which
> it is), an attacker with mount(8) can defeat RO anyway (and of course
> they could mount a new /usr/bin or whatever over the top of the existing
> one).
>
> # mount -uw /
> # mount -ur /

Right, blah, tired. So is it simply not possible?

-Nick
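
Added example, not part of the thread: the comparison made by eye in the first message (options requested in /etc/fstab against what mount -v reports) as a shell function that prints every requested option that is not in effect. The function names and the handling of "read-only"/"ro" as the token for a read-only mount are assumptions; the sample listings are three of the five entries posted in the thread.

```shell
# Added example: report fstab options that are not in effect on the running system.
# Usage: check_mount_drift FSTAB_FILE MOUNT_V_OUTPUT_FILE
check_mount_drift() {
    awk '
    FILENAME == ARGV[1] {                 # fstab: device, mount point, type, options
        if ($1 ~ /^#/ || NF < 4) next
        order[++k] = $2; want[$2] = $4; next
    }
    $2 == "on" && $4 == "type" {          # "DEV on MNT type FS (opt, opt, ...)"
        seen[$3] = 1; opts = $0
        sub(/^[^(]*\(/, "", opts); sub(/\)[^)]*$/, "", opts)
        n = split(opts, a, /, */)
        for (i = 1; i <= n; i++) have[$3, a[i]] = 1
    }
    END {
        for (j = 1; j <= k; j++) {
            m = order[j]
            if (!(m in seen)) { print m ": in fstab but not mounted"; continue }
            # Assumption: a read-only mount is listed as "read-only" (or "ro").
            rdonly = ((m, "read-only") in have) || ((m, "ro") in have)
            n = split(want[m], w, ",")
            for (i = 1; i <= n; i++) {
                o = w[i]
                if (o == "ro") ok = rdonly
                else if (o == "rw") ok = !rdonly
                else ok = ((m, o) in have)
                if (!ok) print m ": fstab wants " o ", not in effect"
            }
        }
    }' "$1" "$2"
}
# Sample input: listings from the thread (three of the five entries).
sample_fstab() { cat <<'EOF'
/dev/wd0a / ffs ro 1 1
/dev/wd0f /tmp ffs rw,nodev,noexec,nosuid 1 2
/dev/wd0d /usr ffs rw,nodev 1 2
EOF
}
sample_mount() { cat <<'EOF'
/dev/wd0a on / type ffs (rw, local, ctime=Sun Oct 29 11:04:57 2006)
/dev/wd0f on /tmp type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
/dev/wd0d on /usr type ffs (rw, local, nodev, ctime=Sun Oct 29 11:04:57 2006)
EOF
}
demo() { d=$(mktemp -d) || return 1; sample_fstab > "$d/fstab"; sample_mount > "$d/mount"
         check_mount_drift "$d/fstab" "$d/mount"; rm -rf "$d"; }
demo
```

On a live system the second argument would be a file holding the output of mount -v; run from cron or a boot script, any output means a filesystem is not mounted the way /etc/fstab asks.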